From owner-freebsd-pf@FreeBSD.ORG Thu Jun 28 12:35:51 2012 Return-Path: Delivered-To: pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E5FD21065672 for ; Thu, 28 Jun 2012 12:35:51 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.64.117]) by mx1.freebsd.org (Postfix) with ESMTP id 6CEFF8FC0A for ; Thu, 28 Jun 2012 12:35:51 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.5/8.14.5) with ESMTP id q5SCZo7t097752 for ; Thu, 28 Jun 2012 16:35:50 +0400 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.5/8.14.5/Submit) id q5SCZoWZ097751 for pf@freebsd.org; Thu, 28 Jun 2012 16:35:50 +0400 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Thu, 28 Jun 2012 16:35:50 +0400 From: Gleb Smirnoff To: pf@FreeBSD.org Message-ID: <20120628123550.GF21957@FreeBSD.org> References: <20120608061737.GA28197@glebius.int.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20120608061737.GA28197@glebius.int.ru> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Subject: Re: [CFT] SMP-friendly pf X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jun 2012 12:35:52 -0000 Hello, again. On Fri, Jun 08, 2012 at 10:17:37AM +0400, Gleb Smirnoff wrote: T> Three and a half months ago I've started on a project "SMP-friendly pf", T> which recently have entered alpha stage. As you see from the subject of this T> mail, this is call for testing. I'm bit disappointed that my announce get so little response. Anyway, here are some results from running in production. This time on a busy router, that got a noticable load during busiest hours. It has complex ruleset with almost 400 rules, 21 vlan(4) interfaces running on top of lagg(4) and serves about 30 subnets of different size. Some subnets are behind NAT, and some or simple routed. The router usually got somewhere between 20k to 60k states and 120k pf searches per second, with peaks up to 140k searches. It has 4 cores and runs igb(4) NICs. After migrating to experimental pf branch on, the CPU load during busiest hours has dropped significantly: http://people.freebsd.org/~glebius/pflock/pflock-migration.png A more recent pic (taken right now): http://people.freebsd.org/~glebius/pflock/pflock-migration2.png Each high peak is a working day (in Russia in June we have had a 6 day week followed by 3 day week). The thin red peak is buildworld+buildkernel, and after it the box was rebooted and since runs with SMP-friendly pf. As you may notice, after migration the working day peaks are much lower than before. Traffic volume is the same, I've checked this :) I hope these results would encourage someone to participate in early testing. :) -- Totus tuus, Glebius.