* Chris Cappuccio <ch...@nmedia.net> [2014-06-23 20:24]: > Henning Brauer [lists-open...@bsws.de] wrote: > > * Chris Cappuccio <ch...@nmedia.net> [2014-06-21 20:05]: > > > Right now all routers and firewalls should > > > be on SP kernels or you will actually have worse performance. > > > > This is not true any more and hasn't been for some time. > > > > It is, however, true that the extra cores buy you little to nothing > > for the kernel side, i. e. a pure packet forwarding firewall (no > > proxies) or a static-routing router won't really benefit. > > I have a sandy bridge Xeon box with PF NAT that handles a daily 200 > to 700Mbps. It has a single myx interface using OpenBSD 5.5 (not > current). It does nothing but PF NAT and related routing. No barage > of vlans or interfaces. No dynamic routing. Nothing else. 60,000 to > 100,000 states. > > With an MP kernel, kern.netlivelocks increases by something like 150,000 > per day!! I The packet loss was notable. > > With an SP kernel, the 'netlivelock' counter barely moves. Maybe 100 per > day on average, but for the past week, maybe 5.
as already said in private, I'm not seeing anything like that which makes me wonder what is different for you. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
