Date: Wed, 24 Apr 2013 22:23:08 +0200 From: Luigi Rizzo <rizzo@iet.unipi.it> To: "Alexander V. Chernikov" <melifaro@FreeBSD.org> Cc: freebsd-ipfw@freebsd.org, luigi@freebsd.org Subject: Re: [patch] ipfw interface tracking and opcode rewriting Message-ID: <20130424202308.GA11146@onelab2.iet.unipi.it> In-Reply-To: <51783798.4020004@FreeBSD.org> References: <517801D3.5040502@FreeBSD.org> <20130424162349.GA8439@onelab2.iet.unipi.it> <51780C49.7000204@FreeBSD.org> <20130424190930.GA10395@onelab2.iet.unipi.it> <51783798.4020004@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 24, 2013 at 11:50:48PM +0400, Alexander V. Chernikov wrote: > On 24.04.2013 23:09, Luigi Rizzo wrote: > > On Wed, Apr 24, 2013 at 08:46:01PM +0400, Alexander V. Chernikov wrote: > >> On 24.04.2013 20:23, Luigi Rizzo wrote: ... > >> Well, actually I'm thinking of the next 2 steps: > >> 1) making kernel rule header more compact (20 bytes instead of 48) and > >> making it invisible for userland. > >> This involves rule counters to be stored separately (and possibly as > >> pcpu-based ones). > >> 2) since ruleset is now nearly readonly and more or less compact we can > >> try to store it in > >> contiguous address space to optimize cache line usage. > > certainly a worthwhile goal (also using gleb's new counters) > > but i suspect that compacting rules are a second order effect. > > I a bit skeptical they make a big difference on the in-kernel > > version of ipfw. You might see some difference in the > My current numbers are ~5mpps of IPv4 forwarding with ipfw turned on (1 > rule) for vlans over ixgbe, with 60% cpu usage (2xE5646). yes, but that means about 1mpps per core. the userspace version, i have been told, reached 14.2mpps with one core when running on netmap interfaces (single rule). So the impact of 20-30ns per rule is much higher in the second case. Speaking of which -- it would be better to report performance in terms of ns per packet (or per rule), rather than Mpps, because it is much easier to compare results. Saying "20% better" or "300Kpps more" requires a lot more context to understand how much things improved. > For lagg with 2x ixgbe it is ~7mpps with the same 60% usage. > (And, say, 70% of CPU usage on our production is ipfw, despite low > number of rules). > > userspace version, which runs on top of netmap. > We are preparing to move forward in this direction (and thinking of > 20-30mpps as our goal). > (And I hope some changes of kernel-based version can migrate to userland > one :)) yes, my goal is to have a single source tree that builds both in kernel and userspace. The diffs are very small, I just have a little bit of glue code to hook the packet path and the control socket. cheers luigi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130424202308.GA11146>