Date: Wed, 15 Jul 2020 10:47:37 +0200 From: Patrick Lamaiziere <patfbsd@davenulle.org> To: Olivier =?UTF-8?B?Q29jaGFyZC1MYWJiw6k=?= <olivier@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: poor performance with Intel X520 card Message-ID: <20200715104737.1a0bbe00@mr185033.univ-rennes1.fr> In-Reply-To: <CA%2Bq%2BTcpmP9m4ijJ2F5Uw7nZBZEo=1%2BnzHr0D8YwruqdBRd-qOA@mail.gmail.com> References: <20200710084530.777ce321@mr185033.univ-rennes1.fr> <CA%2Bq%2BTcpmP9m4ijJ2F5Uw7nZBZEo=1%2BnzHr0D8YwruqdBRd-qOA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 10 Jul 2020 18:21:11 +0200 Olivier Cochard-Labb=C3=A9 <olivier@freebsd.org> wrote: Hi Olivier, > > That is mostly for the record but it looks like the intel X520 is > > not very good and generates a high level of interrupts. > > > > On a router / firewall with 500 Kpps in input (dropped by pf) is > > enough to put the CPUs at > > 100% busy. >=20 > yes 500 Kpps is quite low: Do you have a very complex long pf rule > set? Around 1450 rules in all but only 760 for ix0 in input (quick rules only). PF ruleset-optimization is set to 'basic' (the default) It's hard to see if PF is the bottleneck but we graph all PF statistics each 10 seconds (pfctl -vsi). input 500 Kpps, traffic dropped 200 Kpps, pfctl matches rules (counter match) is high with around 270 K matches/s (normally is around 12 K matches/s), pfctl states searches around 300 K/s (normally 200 K/s) So there is a large number of ruleset evaluations (time costly). PF congestion counter is always =3D 0, I'm not sure if this counter works on FreeBSD - I'm sure it works on OpenBSD :) On FreeBSD does PF congestion increase if PF is not able to handle the load? (On OpenBSD when congestion occurs, PF stops to evaluate the ruleset for a litle time and only evaluates states matches). Thanks, I guess I have to find a packets generator to make tests.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200715104737.1a0bbe00>