Date: Wed, 9 Oct 2002 02:53:43 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Christopher Smith <csmith@its.uq.edu.au> Cc: hardware@freebsd.org, <net@freebsd.org> Subject: Re: High interrupt load on firewalls Message-ID: <20021009024946.D2682-100000@patrocles.silby.com> In-Reply-To: <B9C9FA56.30E7C%csmith@its.uq.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 Oct 2002, Christopher Smith wrote: > No, we use IPFilter (and that definitely isn't going to change any time > soon). Oh. Hm, maybe IPFilter 4.0 will be faster. <looks around for darren> What you might consider doing is profiling the kernel on your test system to see where the majority of the cpu time is going. > The rule processing can't be done on the other CPU, can it ? Am I right in > saying that at this point in time, buying a dual CPU (vs single CPU) machine > for firewalling with FreeBSD is just a waste of money ? Even if it could be done, I doubt that would be the most cost effectively solution to the problem. Try out different NICs, then move on to kernel profiling if it's still a problem. Luigi can probably comment more on this, but one thing which comes to mind is that the if_ti driver might not be updated to use the new m_getcl function Luigi added. Luigi claimed a 10% increase in forwarding speed for drivers using it, I believe. :) Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021009024946.D2682-100000>