From owner-freebsd-net@FreeBSD.ORG Mon Nov 28 09:47:31 2005 Return-Path: X-Original-To: net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BEEAB16A41F; Mon, 28 Nov 2005 09:47:31 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id C372343D5D; Mon, 28 Nov 2005 09:47:30 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.13.3/8.13.3) with ESMTP id jAS9lSO1097800 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 28 Nov 2005 12:47:28 +0300 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.sick.ru (8.13.3/8.13.1/Submit) id jAS9lRdF097799; Mon, 28 Nov 2005 12:47:27 +0300 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Mon, 28 Nov 2005 12:47:27 +0300 From: Gleb Smirnoff To: Ruslan Ermilov Message-ID: <20051128094727.GK25711@cell.sick.ru> References: <20051127005943.GR25711@cell.sick.ru> <20051127135529.GF25711@cell.sick.ru> <20051127194545.GA76200@ip.net.ua> <20051127195914.GI25711@cell.sick.ru> <20051128062732.GA58778@ip.net.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20051128062732.GA58778@ip.net.ua> User-Agent: Mutt/1.5.6i Cc: Vsevolod Lobko , rwatson@FreeBSD.org, net@FreeBSD.org Subject: Re: parallelizing ipfw table X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Nov 2005 09:47:31 -0000 On Mon, Nov 28, 2005 at 08:27:32AM +0200, Ruslan Ermilov wrote: R> > On Sun, Nov 27, 2005 at 09:45:45PM +0200, Ruslan Ermilov wrote: R> > R> Nope, I need this caching. It's for looking up the same table R> > R> several times in a row but with various values. For example, R> > R> we use ipfw tables to route the traffic to the correct dummynet R> > R> pipe, where value is the bandwidth, and this caching helps a lot. R> > R> > Have you benchmarked that this caching is important? On a router R> > that serves a lot of parallel traffic flows the caching is not R> > a benefit, but additional processing. I think we should optimize R> > the code for more loaded environments, since we don't care about R> > CPU consumption in a less loaded setup - whether it is 0.1% or 0.11%. R> > R> I'm talking about the following case: the same packet is R> processed by a firewall ruleset that has N rules that R> look up the same ipfw table but with different "values", R> to select a correct dummynet pipe. I understand this case. But wouldn't it be better to optimise this case by storing the last match on stack in ipfw_chk()? Can you please show me how this ruleset looks like? R> > In general such kind of caching in network code is an old fashion, R> > that causes a problems when we attempt to make code more R> > parallelizable. We alreade removed rtcache in ip_output.c rev. 1.201 R> > and we will soon remove route caching in gif(4), because it causes R> > problems on SMP. R> > R> > Can you try my patch? Since it reduces the total number of mutex R> > operations it should be a win on UP, too. R> > R> We're currently based on 4.x. You can try it yourself: create R> a table with 10000 entries and with value 13. Then write a R> ruleset with 13 rules that look up this table so that the last R> rule looks it up with value 13, and do a benchmark. Let me R> know what are results with and without caching. Such kind of firewall looks like unoptimized. Why should we optimize the code for non-optimized setups. Can't we avoid looking into one table 13 times each packet? -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE