Date: Sat, 20 Aug 2011 15:21:33 +0100 From: "Robert N. M. Watson" <rwatson@FreeBSD.org> To: "Poul-Henning Kamp" <phk@phk.freebsd.dk> Cc: Lev Serebryakov <lev@FreeBSD.org>, freebsd-arch@FreeBSD.org Subject: Re: 10gbps scalability (was: Re: FreeBSD problems and preliminary ways to solve) Message-ID: <CED68224-EB30-4BF5-977B-DD917A3A7801@FreeBSD.org> In-Reply-To: <5299.1313849459@critter.freebsd.dk> References: <5299.1313849459@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20 Aug 2011, at 15:10, Poul-Henning Kamp wrote: > In message <alpine.BSF.2.00.1108201234280.4529@fledge.watson.org>, = Robert Watso > n writes: >=20 >> Part of the key here will be reworking things like ipfw(4)=20 >=20 > Here is how to do it: >=20 > Compile IPFW rules to C-code, compile C-code to KLD, load KLD and hook > the firewall rules. >=20 > If the C-code is designed smartly, the C-compiler can optimize to > insanely efficient code. >=20 > The same semantics as today can be preserved with respect to counters > and dynamic addition/removal of rules, with a little bit of creative > thinking about data structures. >=20 > Somebody[tm] did that long ago, but never contributed the patches back > once The Mgt[tm] realized what performance we were talking about. I'm actually slightly less concerned about this aspect of it, although = some sort of JIT/etc, perhaps grounded in LLVM, would make sense. I'm = more concerned with the management of firewall state in the presence of = multiple network queues and SMP. We should be able to build = substantially on the approaches we've been using higher in the network = stack to align NIC-level work distribution with network stack processing = and application process affinity. (These ideas are still coming to = maturity, but there's useful stuff to be found there.) Robert=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CED68224-EB30-4BF5-977B-DD917A3A7801>