From owner-freebsd-net@FreeBSD.ORG Tue Apr 28 04:52:32 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 81D44106566B for ; Tue, 28 Apr 2009 04:52:32 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [220.233.188.227]) by mx1.freebsd.org (Postfix) with ESMTP id C1D2A8FC16 for ; Tue, 28 Apr 2009 04:52:30 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id n3S4XaSZ022453; Tue, 28 Apr 2009 14:33:38 +1000 (EST) (envelope-from smithi@nimnet.asn.au) Date: Tue, 28 Apr 2009 14:33:36 +1000 (EST) From: Ian Smith To: =?ISO-8859-1?Q?Daniel_Dias_Gon=E7alves?= In-Reply-To: <49F5DB12.7080502@yan.com.br> Message-ID: <20090428135053.Y89549@sola.nimnet.asn.au> References: <49F06985.1000303@yan.com.br> <49F08071.1070905@ibctech.ca> <49F1D992.9000001@yan.com.br> <20090425024635.O89549@sola.nimnet.asn.au> <49F5DB12.7080502@yan.com.br> MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-1620027708-1240893216=:89549" Cc: freebsd-ipfw@freebsd.org, Steve Bertrand , freebsd-net@freebsd.org Subject: Re: IPFW MAX RULES COUNT PERFORMANCE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Apr 2009 04:52:32 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-1620027708-1240893216=:89549 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT On Mon, 27 Apr 2009, Daniel Dias Gonçalves wrote: > What may be happening ? I'm with polling enabled on all interfaces, can you > influence ? > > em0: port 0x7000-0x703f mem > 0xdfa00000-0xdfa1ffff irq 16 at device 8.0 on pci4 > em1: port 0x7400-0x743f mem > 0xdfa20000-0xdfa3ffff irq 17 at device 8.1 on pci4 > em2: port 0x8000-0x803f mem > 0xdfb00000-0xdfb1ffff irq 16 at device 8.0 on pci5 > em3: port 0x8400-0x843f mem > 0xdfb20000-0xdfb3ffff irq 17 at device 8.1 on pci5 > em4: port 0x9000-0x903f mem > 0xdfc00000-0xdfc1ffff irq 16 at device 8.0 on pci7 > em5: port 0x9400-0x943f mem > 0xdfc20000-0xdfc3ffff irq 17 at device 8.1 on pci7 > em6: port 0xa000-0xa03f mem > 0xdfd00000-0xdfd1ffff irq 16 at device 8.0 on pci8 > em7: port 0xa400-0xa43f mem > 0xdfd20000-0xdfd3ffff irq 17 at device 8.1 on pci8 > fxp0: port 0xb000-0xb03f mem > 0xdfe20000-0xdfe20fff,0xdfe00000-0xdfe1ffff irq 16 at device 4.0 on pci14 > > If I disable the polling, no network interface work, begins to display "em4 > watchdog timeout". Sorry, no ideas about polling, but this doesn't smell like just an IPFW issue. I was pointing out that despite 20 times the CPU clock rate, probably at least 30 times CPU throughput and likely 10 times the tick rate, you appear to be suffering something like 30 to 900 times the increased latency to be expected by traversing 'too many' ipfw rules. > Ian Smith escreveu: > > On Fri, 24 Apr 2009, Daniel Dias Gonçalves wrote: > > > > > The latency in the interface em6 increased an average of 10ms to 200 ~ > > 300ms > > > Hardware: > > > CPU: Intel(R) Xeon(TM) CPU 3.20GHz (3200.13-MHz 686-class CPU) > > > Logical CPUs per core: 2 > > > FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs > > > cpu0: on acpi0 > > > p4tcc0: on cpu0 > > > cpu1: on acpi0 > > > p4tcc1: on cpu1 > > > cpu2: on acpi0 > > > p4tcc2: on cpu2 > > > cpu3: on acpi0 > > > p4tcc3: on cpu3 > > > SMP: AP CPU #1 Launched! > > > SMP: AP CPU #3 Launched! > > > SMP: AP CPU #2 Launched! > > > > real memory = 9663676416 (9216 MB) > > > avail memory = 8396738560 (8007 MB) > > > > In that case, there really is something else wrong. By my measurements, > > rummaging through most of >1000 rules on a old 166MHz Pentium to get to the > > icmp allow rules (ridiculous, I know) added about 2ms to local net pings > > via that box, ie 1ms each pass for about 900 rules, mostly counts. cheers, Ian --0-1620027708-1240893216=:89549--