On 9/27/07, Tony Sarendal <[EMAIL PROTECTED]> wrote: > > On 9/27/07, Claudio Jeker <[EMAIL PROTECTED]> wrote: > > > On Thu, Sep 27, 2007 at 09:54:00AM +0100, Tony Sarendal wrote: > > > On 9/27/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > > > > > > > > * Tony Sarendal < [EMAIL PROTECTED]> [2007-09-27 10:36]: > > > > > On 9/26/07, Tom Bombadil <[EMAIL PROTECTED]> wrote: > > > > > > > net.inet.ip.ifq.maxlen defines how many packets can be queued > > in the > > > > IP > > > > > > > input queue before further packets are dropped. Packets > > comming from > > > > the > > > > > > > network card are first put into this queue and the actuall IP > > packet > > > > > > > processing is done later. Gigabit cards with interrupt > > mitigation > > > > may > > > > > > spit > > > > > > > out many packets per interrupt plus heavy use of pf can > > slowdown the > > > > > > > packet forwarding. So it is possible that a heavy burst of > > packets > > > > is > > > > > > > overflowing this queue. On the other hand you do not want to > > use a > > > > too > > > > > > big > > > > > > > number because this has negative effects on the system > > (livelock > > > > etc). > > > > > > > 256 seems to be a better default then the 50 but additional > > tweaking > > > > may > > > > > > > allow you to process a few packets more. > > > > > > Thanks Claudio... > > > > > > In the link that Stuart posted here, Henning mentions 256 times > > the > > > > > > number of interfaces: > > > > > > http://archive.openbsd.nu/?ml=openbsd-tech&a=2006-10&t=2474666 > > > > > Is that per physical or per logical interface ? > > > > > > > > it is a rule of thumb. an approximation. for typical cases. > > > > > > > > > [EMAIL PROTECTED] ifconfig -a | grep ^vlan | wc -l > > > > > 4094 > > > > > > > > that is not a typical case. > > > > you do not wanna set your ifqlen to 1048064 :) > > > > > > > > the highest qlen I have is somewhere around 2500. > > > > where the high watermark is... I cannot really say. I'd be careful > > > > going far higher than the above. > > > > > > > > > > > > I meant if the input queue length was per physical or logical > > interface. > > > There are places where I actually need boxes with more than 1k vlan > > > subinterfaces. > > > If net.inet.ip.ifq.maxlen is per logical interface I see some > > potentional > > > issues under load. > > > > > > > Henning's hint of 256 * num of interfaces is for physical interfaces. > > The virtual interfaces will just see a subset of the packets comming > > from > > the real ones and so they can be ignored in that rule of thumb. > > > > Do you have systems with 1000 and more interfaces in production? > > Any performance issues? Many interface related operations are O(N). > > Fixing this is another item on my network stack todo list -- as usual > > feel > > free to send me diffs :) > > > It's still in design/test phase. I'm going to use an Ixia tester and an > X4100 > if I find the time to test it, this is a little pet project of my own. > If I get that far I'll let you know. > > /Tony >
I hooked up the X4100 to one of our testers and ran some basic tests just to get familiar with the tester. I put up the results of the first run of tests on http://www.layer17.net/openbsd-router-intro.html All opinions are welcome, please be gentle. I hope to be able to test the 1k vlan interface firewall setup later, I just need to baseline a bit first. /Tony
