Site Navigation

Date:      Tue, 26 Dec 2023 11:34:12 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 275943] PF Ether Rules : High Cpu Usage
Message-ID:  <bug-275943-227@https.bugs.freebsd.org/bugzilla/>

---

next in thread | raw e-mail | index | archive | help

---

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D275943

            Bug ID: 275943
           Summary: PF Ether Rules : High Cpu Usage
           Product: Base System
           Version: 14.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: 32carleone@gmail.com

Hi

When I use pf as Layer3, I don't encounter any performance issues. However,
when I enable Layer2, the CPU usage goes up to 100% and I loose throughput.

Below is htop and iperf during Layer3

```
    0[ 15.7% ]
    1[ 12.6% ]
    2[ 65.4% ]
    3[ 9.4% ]
  Mem[ 1.74G/3.86G ]
  Swp[ 0K/3.79G ]


# iperf3  -c 192.168.1.236 -t 30 -p 5201

[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   111 MBytes   930 Mbits/sec=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20
[  5]   1.00-2.00   sec   111 MBytes   933 Mbits/sec=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20
[  5]   2.00-3.00   sec   111 MBytes   933 Mbits/sec=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20
[  5]   3.00-4.00   sec   111 MBytes   934 Mbits/sec=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20
[  5]   4.00-5.00   sec   111 MBytes   933 Mbits/sec=20=20

```

And output for Layer2+Layer3

```
    0[ 12.0% ]
    1[ 7.7% ]
    2[ 100.0% ]
    3[ 4.3% ]
  Mem[ 1.73G/3.86G ]
  Swp[ 0K/3.79G ]



# iperf3  -c 192.168.1.236 -t 30 -p 5201

[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  52.0 MBytes   436 Mbits/sec=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20
[  5]   1.00-2.00   sec  79.7 MBytes   669 Mbits/sec=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20
[  5]   2.00-3.00   sec  79.5 MBytes   667 Mbits/sec=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20
[  5]   3.00-4.00   sec  79.6 MBytes   668 Mbits/sec=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20
[  5]   4.00-5.00   sec  79.4 MBytes   666 Mbits/sec=20=20

```




Issues arose after I added this rule to my config file
```
ether anchor "allowed_mac_igb1" on { igb1 }
```


And these are the rules in the anchor
```
ether pass in quick from 00:0c:29:4e:df:8e l3 all tag allowed_mac_igb1 dnpi=
pe
1002
ether pass out quick to 00:0c:29:4e:df:8e l3 all tag allowed_mac_igb1 dnpip=
e 2
ether pass in quick from 00:0c:29:97:15:80 l3 all tag allowed_mac_igb1 dnpi=
pe
1002
ether pass out quick to 00:0c:29:97:15:80 l3 all tag allowed_mac_igb1 dnpip=
e 2
ether pass in quick from 00:11:32:52:54:3a l3 all tag allowed_mac_igb1 dnpi=
pe
1002
ether pass out quick to 00:11:32:52:54:3a l3 all tag allowed_mac_igb1 dnpip=
e 2
... +270 line
```

--=20
You are receiving this mail because:
You are the assignee for the bug.=

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-275943-227>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact