From owner-freebsd-net@FreeBSD.ORG  Fri Dec 27 10:27:54 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C101E903
 for <freebsd-net@freebsd.org>; Fri, 27 Dec 2013 10:27:54 +0000 (UTC)
Received: from mail.ipfw.ru (mail.ipfw.ru [IPv6:2a01:4f8:120:6141::2])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 840341345
 for <freebsd-net@freebsd.org>; Fri, 27 Dec 2013 10:27:54 +0000 (UTC)
Received: from [2a02:6b8:0:401:222:4dff:fe50:cd2f] (helo=ptichko.yndx.net)
 by mail.ipfw.ru with esmtpsa (TLSv1:CAMELLIA256-SHA:256)
 (Exim 4.76 (FreeBSD)) (envelope-from <melifaro@FreeBSD.org>)
 id 1VwQow-000KM5-CV; Fri, 27 Dec 2013 10:22:54 +0400
Message-ID: <52BD5598.9020100@FreeBSD.org>
Date: Fri, 27 Dec 2013 14:25:28 +0400
From: "Alexander V. Chernikov" <melifaro@FreeBSD.org>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: "Denis V. Klimkov" <falcon@tcm.by>, freebsd-net@freebsd.org
Subject: Re: ipfw verrevpath performance broken in 9.2
References: <21356442.20131227093416@tcm.by>
In-Reply-To: <21356442.20131227093416@tcm.by>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Dec 2013 10:27:54 -0000

On 27.12.2013 10:34, Denis V. Klimkov wrote:
> Hello Freebsd-net,
Hi!
>
> Recently upgraded router system from 9.0-RELEASE to 9.2-STABLE and
> got 100% CPU utilisation on all cores with interrupts under the same
> load that had about 25-30% CPU utilisation before. Of course that lead
Looks interesting.
Are you sure all other configs/data load are the same?

I'm particularly interested in changes in: number of NIC queues, their 
bindings and firewall ruleset.

Can you share your traffic rate (e.g. netstat -i -w1), cpu info and NIC 
info?

What does system load (without verrevpath) looks like in comparison with 
9.0 (in terms of CPU _and_ packets/sec) ?
> to high latency (about 400 ms and packet loss).
> Load reduced immediately after I removed all ipfw antispoofing rules with
> "verrevpath":
> 11010       3659429        430047150 deny ip from any to any not verrevpath in via vlan6
> 11020        719931         58619220 deny ip from any to any not verrevpath in via vlan7
> 11025         68141          5144481 deny ip from any to any not verrevpath in via vlan8
> 11030        202144          6785732 deny ip from any to any not verrevpath in via vlan9
> 11040        171291         56196945 deny ip from any to any not verrevpath in via vlan10
> 11045     291914032      39427773226 deny ip from any to any not verrevpath in via vlan11
> 11060       6102962        441745213 deny ip from any to any not verrevpath in via vlan15
> 11070       4832442       1259880158 deny ip from any to any not verrevpath in via vlan16
> 11080        814769         95745079 deny ip from any to any not verrevpath in via vlan17
> 11101       2901098        628552748 deny ip from any to any not verrevpath in via vlan26
> 11102       1264750        146468688 deny ip from any to any not verrevpath in via vlan27
> 11110        902441        294155831 deny ip from any to any not verrevpath in via vlan21
> 11120        628324         31060933 deny ip from any to any not verrevpath in via vlan23
> 11130          1381            83245 deny ip from any to any not verrevpath in via vlan24
> 11138       4258607       3389925416 deny ip from any to any not verrevpath in via vlan31
> 11150            56             2792 deny ip from any to any not verrevpath in via vlan40
>
> Is there a way to fix verrevpath performance issue in 9.2 and futher?
> There is no problem to remove this rules on this system, but I also
> have 2 systems running MPD with about 2000 PPPoE ng interfaces with
> very handy ipfw rule "deny ip from any to any not verrevpath in via
There were no changes related to verrevpath directly, but there were 
some related to generic
netgraph/lookup performance.

I've got some idea about what can be happening here, but I need your 
numbers/other info first.

> ng*".
>
> ---
> Denis V. Klimkov
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>