From owner-freebsd-net@FreeBSD.ORG  Wed Jan 14 20:16:55 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B6E3716A4CE
	for <freebsd-net@freebsd.org>; Wed, 14 Jan 2004 20:16:55 -0800 (PST)
Received: from king.suceava.rdsnet.ro (king.suceava.rdsnet.ro [62.231.118.3])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CB67543D48
	for <freebsd-net@freebsd.org>; Wed, 14 Jan 2004 20:16:52 -0800 (PST)
	(envelope-from ady@freebsd.ady.ro)
Received: from datacenter.office.suceava.rdsnet.ro
	(datacenter.office.suceava.rdsnet.ro [217.156.25.194])i0F4GpMS009101
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-net@freebsd.org>; Thu, 15 Jan 2004 06:16:51 +0200
Received: from datacenter.office.suceava.rdsnet.ro
	(datacenter.office.suceava.rdsnet.ro [217.156.25.194])
	id i0F4GpK7020567
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-net@freebsd.org>; Thu, 15 Jan 2004 06:16:51 +0200 (EET)
	(envelope-from ady@freebsd.ady.ro)
Date: Thu, 15 Jan 2004 06:16:51 +0200 (EET)
From: Adrian Penisoara <ady@freebsd.ady.ro>
X-X-Sender: ady@datacenter.office.suceava.rdsnet.ro
To: freebsd-net@freebsd.org
In-Reply-To: <Pine.WNT.4.58.0401141048001.2804@ady-home>
Message-ID: <20040115054704.F20168@datacenter.office.suceava.rdsnet.ro>
References: <Pine.WNT.4.58.0401141048001.2804@ady-home>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-RAVMilter-Version: 8.4.2(snapshot 20021212)
	(datacenter.office.suceava.rdsnet.ro)
Subject: Re: Handling 100.000 packets/sec or more
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jan 2004 04:16:56 -0000

Hi again,

  Thanks for all your answers.

  A small comment though.

Vlad Galu wrote:

>	Try fxp. It has better polling support, and there's the
>advantage of
>the link0 flag. When it's set, the interface won't send interrupts to

 The man page sais that only some versions of the chipset supports this
(microcode download). Do you (or anyone else) know the exact version(s)
of the EtherExpress chip that supports this (and perhaps you have
tried it) ?

 Oh well, looking at the source code it seems you can discern the
enabled versions from here: sys/dev/fxp/rcvbundl.h (Intel source) and
sys/dev/fxp/if_fxp.c (to the end of file).

 Resumed:

   FXP_REV_82558_A4
   FXP_REV_82558_B0
   FXP_REV_82559_A0
   FXP_REV_82559S_A
   FXP_REV_82550
   FXP_REV_82550_C

 Or by Intel revision codes:

D101 A-step, D101 B-step, D101M (B-step only), D101S, D102 B-step,
D102 B-step with TCO work around and D012 C-step.

  I did not quite understand wether the embedded ICH3/4 network
interfaces are also "link0" enabled.

>the kernel for each packet it catches from the wire, but instead will
>wait until its own buffer is full, and generate an interrupt
>afterwards.
>It should be a great deal of improvement when asociated with device
>polling. As you surely know, when the kernel receives an interrupt from
>an interface, it masks all further interrupts and schedules a polling
>task instead.

[...]

>|  On a side note: what would be a adequate formula to calculate the
>|NMBCLUSTERS and MBUFS we should set on this server (via boot-time
>|kern.ipc.nmbclusters and kern.ipc.nmbufs) ?
>|
>
>	I'm still thinking about that ...
>

  Did you come up with anything ?

PS: Keep me in CC:. Thanks.

-- 
Adrian Penisoara
Ady (@freebsd.ady.ro)

On Wed, 14 Jan 2004, Adrian Penisoara wrote:

> Hi,
>
>   At one site that I administer we have a gateway server which services
> a large SOHO LAN (more than 300 stations) and I'm facing a serious
> issue: very often we see strong spoofed floods (variable source IP and
> port, variable destination IP, destination port 80) which can go as far
> as 100 000 packets/sec!
>
>   Of course, the server (FreeBSD 5.2-REL, PIII 733Mhz, 256Mb RAM, 3COM
> 3C905B-TX aka xl0 with checksum offloading support) has a hard time
> swallowing this kind of traffic. The main issue are the IRQ interrupts:
> over 15000 interrupts/sec which consume more than 90% of the CPU time.
> We got ingress filtering so the packets go no further than the firewall
> (which, BTW, is not the issue, even disabling it it's the same problem).
> The system is still responsive but the load average goes as high as 10
> and the interface is losing packets (input errors) which dramatically
> affects legitimate traffic, besides mbuf(9) starvation. We are taking
> down the culprit clients, but this takes time and we need the other
> clients not to be affected by it.
>
>   What can I do to make the system better handle this kind of traffic ?
> Could device polling(8) or just increasing the kernel frequency clock to
> 1000Hz or more improve the situation ?
>   What kind of network cards could face a lot better this burden ? Are
> there any other solutions ?
>
>   On a side note: what would be a adequate formula to calculate the
> NMBCLUSTERS and MBUFS we should set on this server (via boot-time
> kern.ipc.nmbclusters and kern.ipc.nmbufs) ?
>
>  Thank you.
>
>