On Tue, Sep 1, 2015 at 12:41 PM, Giancarlo Razzolini <grazzol...@gmail.com> wrote:
> On 01-09-2015 14:21, Quartz wrote:
> > Also, does a local DNS resolver really consume that much cpu that it
> > would see any notable effect from having another core? I thought that
> > was more a RAM thing.
>
> If it will be the resolver for your entire internal LAN (and the
> firewall itself), then it will consume more RAM and CPU than pf. Having
> more of both in this case is better. Again, each case is different and
> you should really try and see. Also, all of this might become somewhat
> irrelevant when (if) the mp pf patch enters base.
>
> Cheers,
> Giancarlo Razzolini
>

Quartz,

This becomes a complex question, but the short answer is to use the multi-processor system. The single core will perform better when you care nothing about your performance; the multi-core system will perform better the only time you care at all about performance. The issue here is that you aren't actually interested in being faster when you're not under some sort of load, just being adequate. However, when approaching the event of the firewall being your bottleneck, you'll be under load, or you won't be approaching it. At that moment, simultaneously serving out DNS requests and continuing to service packet forwarding is the desired effect, and not paying a context-switching tax during these simultaneous load events will make a bigger difference than any other single factor. The single-core approach achieves instead being most efficient under the least load; while that might make up the largest percentage of the system's life, who cares how fast you are when you aren't doing anything?