On Fri, Apr 26, 2013 at 06:22:18PM +0200, Olivier Cochard-Labbé wrote:
O> > In FreeBSD 10 pf is no longer under single lock. On your hardware,
O> > I'd expect a measurable performance gain if you migrate to 10.
O>
O> Comparing 9.1 and current (249908) on my new test-server (HP ProLiant
O> DL320 G
--- On Fri, 4/26/13, Erich Weiler wrote:
> From: Erich Weiler
> Subject: Re: pf performance?
> To: "Andre Oppermann"
> Cc: "Paul Tatarsky" , freebsd-net@freebsd.org
> Date: Friday, April 26, 2013, 12:04 PM
> >> But the work pf does would
> show up in 'system' on top right? So if I
> >> see al
On Friday, 26 April 2013 at 00:21:11, Kajetan Staszkiewicz wrote:
> > > How do you count the 140kpps value? One interface, both, in, out? I'd
> > > like to relate this somehow to my values.
> >
> > Well, generally we see 80kpps rx and 40kpps tx. But I have seen the rx
> > spike to 150kpp
On Friday, 26 April 2013 at 00:52:43, Erich Weiler wrote:
> > How many pf rules do you have?. And, as I asked in my previous post, do
> > you create states on both sides of the firewall?
>
> One interface has 12 rules and the other interface has one rule. We
> do create states on both s
If this machine is dedicated for pf then setting sysctl net.isr.direct=0
might also improve performance, by forcing all packets to go through a
single netisr thread (assuming that net.isr.maxthreads is 1). Note that
this will apply to traffic that does not go through pf, so if this
machine were d
On Fri, Apr 26, 2013 at 7:16 PM, Adrian Chadd wrote:
> Do you have witness, etc enabled in -current?
>
Hi Adrian,
Of course not :-)
The src.conf has:
MALLOC_PRODUCTION=
And the kernel has:
include GENERIC
nomakeoption DEBUG
nooptions DDB
nooptions GDB
nooptions
On 4/26/2013 12:22 PM, Olivier Cochard-Labbé wrote:
> On Fri, Apr 26, 2013 at 3:42 PM, Gleb Smirnoff wrote:
>>
>> In FreeBSD 10 pf is no longer under single lock. On your hardware,
>> I'd expect a measurable performance gain if you migrate to 10.
>
> Comparing 9.1 and current (249908) on my new
On 26 April 2013 09:22, Olivier Cochard-Labbé wrote:
> On Fri, Apr 26, 2013 at 3:42 PM, Gleb Smirnoff wrote:
>>
>> In FreeBSD 10 pf is no longer under single lock. On your hardware,
>> I'd expect a measurable performance gain if you migrate to 10.
>
> Comparing 9.1 and current (249908) on my new
In other words, until I see like 100% system usage in one core, I
would have room to grow?
Probably not. Mutexes in FreeBSD use "adaptive spinning". This means
that when a thread is unable to acquire a mutex, if the owner of the
mutex is still running on another CPU core then the threa
Hi,
this thread seems to be related to my problem (see High CPU
interrupt load on intekl i350T4 with igb on 8.3). So let me jump in ;)
On 26/04/2013 17:54, Andre Oppermann wrote:
On 26.04.2013 16:49, Erich Weiler wrote:
The pf isn't a process, so you can't see it in top. pf has s
On Fri, Apr 26, 2013 at 3:42 PM, Gleb Smirnoff wrote:
>
> In FreeBSD 10 pf is no longer under single lock. On your hardware,
> I'd expect a measurable performance gain if you migrate to 10.
Comparing 9.1 and current (249908) on my new test-server (HP ProLiant
DL320 G5, dual-core Xeon 3050, dual
On Fri, Apr 26, 2013 at 10:49 AM, Erich Weiler wrote:
> The pf isn't a process, so you can't see it in top. pf has some helper
>> threads however, but packet processing isn't performed by any of them.
>>
>
> But the work pf does would show up in 'system' on top right? So if I see
> all my CPUs t
But the work pf does would show up in 'system' on top right? So if I
see all my CPUs tied up 100%
in 'interrupts' and very little 'system', would it be a reasonable
assumption to think that if I got
more CPU cores to handle the interrupts that eventually I would see
'system' load increase as the
On 26.04.2013 16:49, Erich Weiler wrote:
The pf isn't a process, so you can't see it in top. pf has some helper
threads however, but packet processing isn't performed by any of them.
But the work pf does would show up in 'system' on top right? So if I see all
my CPUs tied up 100%
in 'interrup
On 26-04-2013 10:26, Rainer Bredehorn wrote:
>> I'm using FreeBSD 8.3 which doesn't support IPv6 fragments in PF.
>> Does FreeBSD 9.x PF support IPv6 fragments?
>> I can't find it in the 9.0 or 9.1 manpages. For pf.conf they are the same as
>> in FreeBSD 8.3.
> I've modified the kernel PF implemen
The pf isn't a process, so you can't see it in top. pf has some helper
threads however, but packet processing isn't performed by any of them.
But the work pf does would show up in 'system' on top right? So if I
see all my CPUs tied up 100% in 'interrupts' and very little 'system',
would it be
On Fri, Apr 26, 2013 at 10:18 AM, Vlad Galu wrote:
> It is definitely interesting. On the other hand, I work for one of the
> major players in the field, so I am quite subjective.
>
> On Mon, Apr 22, 2013 at 12:13 AM, Konrad Witaszczyk <
> konrad.witaszc...@uj.edu.pl> wrote:
>
> > Hi,
> >
> > I'm
It is definitely interesting. On the other hand, I work for one of the
major players in the field, so I am quite subjective.
On Mon, Apr 22, 2013 at 12:13 AM, Konrad Witaszczyk <
konrad.witaszc...@uj.edu.pl> wrote:
> Hi,
>
> I'm looking for information about an implementation of SCPS in FreeBSD (
Erich,
On Tue, Apr 23, 2013 at 12:49:21PM -0700, Erich Weiler wrote:
E> I have a question here about how FreeBSD (8.1-RELEASE-p13 specifically)
E> behaves when acting as a firewall. I understand the pf process is
E> "giant locked" to a single CPU core when inspecting packets inbound and
E> o
Hi list,
We use pf+ALTQ for traffic shaping on some routers.
We are switching to new servers : Dell PowerEdge R620 with 2 8-cores
Intel Processor (E5-2650L), 8GB RAM and Intel I350T4 (quad port) using
igb driver. The old hardware is using em driver, the CPU load is high
but mostly due to kerne
Hello,
would you mind running a performance test with a snapshot of tomorrow from
this link http://snapshots.pfsense.org/
There are some optimizations in pfSense and it would be nicer to compare to
FreeBSD itself how it behaves.
That is before the lock changes in HEAD since it's FreeBSD 8.
Regard
> I'm using FreeBSD 8.3 which doesn't support IPv6 fragments in PF.
> Does FreeBSD 9.x PF support IPv6 fragments?
> I can't find it in the 9.0 or 9.1 manpages. For pf.conf they are the same as
> in FreeBSD 8.3.
I've modified the kernel PF implementation to pass IPv6 fragments.
The first fragment
On Fri, Apr 26, 2013 at 09:23:35AM +0300, Sami Halabi wrote:
> Hi Eitan,
> Thank you for your response.
> the ioctl is the example was in Luigi netmap page... maybe Luigi can help
> here???
the thing i suggest is take the pkt-gen source from the FreeBSD tree
tools/tools/netmap/
and
On 26.04.2013 08:23, Sami Halabi wrote:
Hi Eitan,
Thank you for your response.
the ioctl is the example was in Luigi netmap page... maybe Luigi can help
here???
can you say why the print's are wrong?
They print the addresses of the variables, not their values.
int i = 1234;
printf("i=%d\