Date:      Mon, 8 Dec 2014 10:27:23 -0500
From:      Maxim Khitrov <max@mxcrypt.com>
To:        Jim Thompson <jim@netgate.com>
Cc:        Martin Hanson <greencoppermine@yandex.com>, "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject:   Re: Why merging recent OpenBSD PF code is not easy (was Re: FOLLOW-UP)
Message-ID:  <CAJcQMWc_wPXKF0bZ2t0gsDFCPSy4EjDULFYtuS5P6Wbr2HtAqw@mail.gmail.com>
In-Reply-To: <75F1B874-8BF5-4500-A9EB-9A6E3F90C3F2@netgate.com>
References:  <115251417993747@web27m.yandex.ru> <75F1B874-8BF5-4500-A9EB-9A6E3F90C3F2@netgate.com>

On Sun, Dec 7, 2014 at 9:22 PM, Jim Thompson <jim@netgate.com> wrote:
> OpenBSD may eventually grow proper multicore support, but that is of little concern to the FreeBSD project.   It took FreeBSD years to get proper multicore support, and I doubt
> OpenBSD gets there any faster.  Nor have they started. This is bad news for OpenBSD, because the world is now multicore, 1Gbps are common (I have one to my house) and 10Gbps connections are increasingly common.   OpenBSD’s “pf” doesn’t even handle 1Gbps unless

How many of your 1 Gbps links are handling 1.488 Mpps? I wasn't very
interested in that use case when I did my testing, so for me, OpenBSD
5.3 handled 4.2 Gbps (MTU 1500) with Intel X540 NIC and Xeon
E3-1275v2. If I did the math right, that's ~0.35 Mpps:

http://marc.info/?l=openbsd-misc&m=137600809910496&w=2

The limiting factor was not pf (nearly same performance with it
disabled), but single-core processing of all interrupts and packets.
Yes, there is work to be done there.

Even with that "poor" performance, I'm now using OpenBSD for firewalls
because the new pf.conf syntax, which makes the ruleset much cleaner
and easier to maintain, as well as other features (interface groups,
set prio, new queueing system, received-on, etc.), are more important
to me than being able to push 10 Gbps of traffic through the box. I
understand that other people and organizations have other priorities,
but IMHO, OpenBSD covers the common use case better than FreeBSD at
the moment. How many people managed to figure out hfsc for altq (which
isn't even compiled into the GENERIC kernel)? I tried... I really did.
Even with cbq, the resulting ruleset was an unmaintainable mess most
of the time.


