From owner-freebsd-net  Sat Nov  9 20:53:43 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 290DD37B401
	for <freebsd-net@freebsd.org>; Sat,  9 Nov 2002 20:53:42 -0800 (PST)
Received: from shell.dragondata.com (shell.dragondata.com [66.250.147.249])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2CACB43E3B
	for <freebsd-net@freebsd.org>; Sat,  9 Nov 2002 20:53:40 -0800 (PST)
	(envelope-from toasty@dragondata.com)
Received: (from root@localhost)
	by shell.dragondata.com (8.11.4/8.11.3) id gAA4rd310631
	for freebsd-net@freebsd.org; Sat, 9 Nov 2002 22:53:39 -0600 (CST)
	(envelope-from toasty@dragondata.com)
Received: from KEVIN-AW.dragondata.com (dsl092-133-143.chi1.dsl.speakeasy.net [66.92.133.143])
	by shell.dragondata.com (8.11.4/8.11.3av) with ESMTP id gAA4rb010606
	for <freebsd-net@freebsd.org>; Sat, 9 Nov 2002 22:53:38 -0600 (CST)
	(envelope-from toasty@dragondata.com)
Message-Id: <5.1.1.5.2.20021109202725.00b61a10@127.0.0.1>
X-Sender: toasty@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Sat, 09 Nov 2002 22:53:36 -0600
To: freebsd-net@freebsd.org
From: Kevin Day <toasty@dragondata.com>
Subject: Packet forwarding overhead - with ipfw counting
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: by dragondata.com virus scanner
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org


I have a server acting as a router. Dual bge gigabit network interfaces 
(PCI-X), one is the WAN side the other is the LAN side.

When we're pushing 250-300mbits through, we're using about 15% of its 
2.4Ghz P4 Xeon CPU. All of it is in "interrupt" time... that seems a bit 
high, but that'll still let us max things out at 1gbit so we're ok.

However, we wanted to do some MRTG style traffic charts per ip. I added 
about 30 sets of ipfw rules like this:

count ip from 10.0.0.160 to any
count ip from any to 10.0.0.160

Having these in place more than tripled the CPU usage. Am I just hitting a 
non-optimized codepath in ipfw, or is this normal for these kind of rules?






To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message