Date: Tue, 13 Nov 2012 12:16:09 -0800 From: Alfred Perlstein <bright@mu.org> To: "Alexander V. Chernikov" <melifaro@yandex-team.ru> Cc: freebsd-ipfw@freebsd.org, Luigi Rizzo <rizzo@iet.unipi.it>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: [CFT] ipfw SMP-ready dynamic states Message-ID: <50A2AA89.9060309@mu.org> In-Reply-To: <50A29F57.6090701@yandex-team.ru> References: <50A29F57.6090701@yandex-team.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Alexander, this is awesome. On 11/13/12 11:28 AM, Alexander V. Chernikov wrote: > Hello list! > > Currently most ipfw operations with dynamic states (keep-state, > check-state, limit) are serialized via IPFW_DYN_LOCK() which is > per-vnet mutex lock. > > As a result, performance is limited to the same ~650kpps as in routing > (in several cases). > > Patch changes the following: > * global lock is changed to per-bucket mutex > * state expiration is done in ipfw_tick every 1s. No expiration is > done on forwarding path > * hash table resize is done automatically and does not cause all > states to be lost > > The only (architectural) problem I see is unlocked V_dyn_count > increments. > So, we can do the following: > 1) lock increments/decrements via some separate mutex > 2) do nothing > 3) take some combined approach: > > Generally, we don't need value to be _exact_. > As a result, we count total number of states in every ipfw_tick run > and set V_dyn_count to new value. New states still increment > V_dyn_count unlocked. > What about using per-cpu PCPU counters, and then collecting them for display/reporting? -Alfred > > Performance: > > Synthetic traffic, ipfw with single allow ip from any to any rule: 2.4M. > single keep-state ip from any to any: 2.2M. > > Some more tests should be taken (with large number of states, > different types of traffic, etc), maybe I can do some next week. > > > You need to run recent -current or merge r242631 and r242834 before > applying this patch. > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50A2AA89.9060309>