On Thu, Sep 27, 2007 at 09:54:00AM +0100, Tony Sarendal wrote: > On 9/27/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > > > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-09-27 10:36]: > > > On 9/26/07, Tom Bombadil <[EMAIL PROTECTED]> wrote: > > > > > net.inet.ip.ifq.maxlen defines how many packets can be queued in the > > IP > > > > > input queue before further packets are dropped. Packets comming from > > the > > > > > network card are first put into this queue and the actuall IP packet > > > > > processing is done later. Gigabit cards with interrupt mitigation > > may > > > > spit > > > > > out many packets per interrupt plus heavy use of pf can slowdown the > > > > > packet forwarding. So it is possible that a heavy burst of packets > > is > > > > > overflowing this queue. On the other hand you do not want to use a > > too > > > > big > > > > > number because this has negative effects on the system (livelock > > etc). > > > > > 256 seems to be a better default then the 50 but additional tweaking > > may > > > > > allow you to process a few packets more. > > > > Thanks Claudio... > > > > In the link that Stuart posted here, Henning mentions 256 times the > > > > number of interfaces: > > > > http://archive.openbsd.nu/?ml=openbsd-tech&a=2006-10&t=2474666 > > > Is that per physical or per logical interface ? > > > > it is a rule of thumb. an approximation. for typical cases. > > > > > [EMAIL PROTECTED] ifconfig -a | grep ^vlan | wc -l > > > 4094 > > > > that is not a typical case. > > you do not wanna set your ifqlen to 1048064 :) > > > > the highest qlen I have is somewhere around 2500. > > where the high watermark is... I cannot really say. I'd be careful > > going far higher than the above. > > > > I meant if the input queue length was per physical or logical interface. > There are places where I actually need boxes with more than 1k vlan > subinterfaces. > If net.inet.ip.ifq.maxlen is per logical interface I see some potentional > issues under load. >
Henning's hint of 256 * num of interfaces is for physical interfaces. The virtual interfaces will just see a subset of the packets comming from the real ones and so they can be ignored in that rule of thumb. Do you have systems with 1000 and more interfaces in production? Any performance issues? Many interface related operations are O(N). Fixing this is another item on my network stack todo list -- as usual feel free to send me diffs :) -- :wq Claudio
