From: "Alexander V. Chernikov"
To: freebsd-net@freebsd.org, "Denis V. Klimkov"
Subject: Re: ipfw verrevpath performance broken in 9.2
Date: Fri, 27 Dec 2013 15:13:41 +0100
Message-ID: <52bd8b15.fW1EiGo7J0hceBZ5%melifaro@FreeBSD.org>

On 27.12.2013 10:34, Denis V. Klimkov wrote:
> Hello Freebsd-net,

Hi!

>
> Recently upgraded router system from 9.0-RELEASE to 9.2-STABLE and
> got 100% CPU utilisation on all cores with interrupts under the same
> load that had about 25-30% CPU utilisation before. Of course that led

Looks interesting.
Are you sure all other configs/data load are the same?
I'm particularly interested in changes in: number of NIC queues, their
bindings and firewall ruleset.
Can you share your traffic rate (e.g. netstat -i -w1), cpu info and NIC info?
What does system load (without verrevpath) look like in comparison with
9.0 (in terms of CPU _and_ packets/sec)?

> to high latency (about 400 ms and packet loss).
> Load reduced immediately after I removed all ipfw antispoofing rules with
> "verrevpath":
> 11010 3659429 430047150 deny ip from any to any not verrevpath in via vlan6
> 11020 719931 58619220 deny ip from any to any not verrevpath in via vlan7
> 11025 68141 5144481 deny ip from any to any not verrevpath in via vlan8
> 11030 202144 6785732 deny ip from any to any not verrevpath in via vlan9
> 11040 171291 56196945 deny ip from any to any not verrevpath in via vlan10
> 11045 291914032 39427773226 deny ip from any to any not verrevpath in via vlan11
> 11060 6102962 441745213 deny ip from any to any not verrevpath in via vlan15
> 11070 4832442 1259880158 deny ip from any to any not verrevpath in via vlan16
> 11080 814769 95745079 deny ip from any to any not verrevpath in via vlan17
> 11101 2901098 628552748 deny ip from any to any not verrevpath in via vlan26
> 11102 1264750 146468688 deny ip from any to any not verrevpath in via vlan27
> 11110 902441 294155831 deny ip from any to any not verrevpath in via vlan21
> 11120 628324 31060933 deny ip from any to any not verrevpath in via vlan23
> 11130 1381 83245 deny ip from any to any not verrevpath in via vlan24
> 11138 4258607 3389925416 deny ip from any to any not verrevpath in via vlan31
> 11150 56 2792 deny ip from any to any not verrevpath in via vlan40
>
> Is there a way to fix verrevpath performance issue in 9.2 and further?
> There is no problem to remove these rules on this system, but I also
> have 2 systems running MPD with about 2000 PPPoE ng interfaces with
> very handy ipfw rule "deny ip from any to any not verrevpath in via

There were no changes related to verrevpath directly, but there were
some related to generic netgraph/lookup performance.
I've got some idea about what can be happening here, but I need your
numbers/other info first.

> ng*".
>
> ---
> Denis V. Klimkov
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"