From owner-freebsd-net@FreeBSD.ORG  Tue Feb 17 18:36:37 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BB50C106564A
	for <freebsd-net@freebsd.org>; Tue, 17 Feb 2009 18:36:37 +0000 (UTC)
	(envelope-from prvs=julian=29260e750@elischer.org)
Received: from smtp-outbound.ironport.com (smtp-outbound.ironport.com
	[63.251.108.112])
	by mx1.freebsd.org (Postfix) with ESMTP id A7C918FC1A
	for <freebsd-net@freebsd.org>; Tue, 17 Feb 2009 18:36:37 +0000 (UTC)
	(envelope-from prvs=julian=29260e750@elischer.org)
Received: from unknown (HELO julian-mac.elischer.org) ([10.251.60.150])
	by smtp-outbound.ironport.com with ESMTP; 17 Feb 2009 10:08:11 -0800
Message-ID: <499AFD1D.4020907@elischer.org>
Date: Tue, 17 Feb 2009 10:08:29 -0800
From: Julian Elischer <julian@elischer.org>
User-Agent: Thunderbird 2.0.0.19 (Macintosh/20081209)
MIME-Version: 1.0
To: Oliver Fromme <olli@lurza.secnetix.de>
References: <200902171747.n1HHlwQR080012@lurza.secnetix.de>
In-Reply-To: <200902171747.n1HHlwQR080012@lurza.secnetix.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Packet filter performance on SMP
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Feb 2009 18:36:38 -0000

Oliver Fromme wrote:
> Hi,
> 
> I've asked this a week ago on the -ipfw list, but got no
> reply ...  The -net list might be more appropriate.
> 
> I'll have to implement a packet filter on machines with
> several cores (4 to 8).  Which one of the available filters
> (IPFW, IPF, PF) will provide the best performance on such
> SMP machines?  I heard that PF doesn't support SMP hardware
> very well -- is that true?  Will IPFW be better?

Not a lot of testing has been done on this topic yet.
I know that this is not what you want to hear but it
is possible that you might be the person to try it out
(using the tunables to disable different number of CPUs)
and see how it works out.

let us know if you get any interesting results.

Ipfw has a single rw lock guarding the entire rule set but it
only does a reader lock on packet processing so multiple CPUs
can be in there at the same time. It does not however protect
the statistics on each rule so if two cpus try update the stats
at the same time, one of them will miss out. (this has been
considered an acceptable loss of accuracy in order to
maintain throughput I guess).


> Thanks for any insights.
> 
> Best regards
>    Oliver
>