Date: Fri, 27 Dec 2013 14:25:28 +0400 From: "Alexander V. Chernikov" <melifaro@FreeBSD.org> To: "Denis V. Klimkov" <falcon@tcm.by>, freebsd-net@freebsd.org Subject: Re: ipfw verrevpath performance broken in 9.2 Message-ID: <52BD5598.9020100@FreeBSD.org> In-Reply-To: <21356442.20131227093416@tcm.by> References: <21356442.20131227093416@tcm.by>
next in thread | previous in thread | raw e-mail | index | archive | help
On 27.12.2013 10:34, Denis V. Klimkov wrote: > Hello Freebsd-net, Hi! > > Recently upgraded router system from 9.0-RELEASE to 9.2-STABLE and > got 100% CPU utilisation on all cores with interrupts under the same > load that had about 25-30% CPU utilisation before. Of course that lead Looks interesting. Are you sure all other configs/data load are the same? I'm particularly interested in changes in: number of NIC queues, their bindings and firewall ruleset. Can you share your traffic rate (e.g. netstat -i -w1), cpu info and NIC info? What does system load (without verrevpath) looks like in comparison with 9.0 (in terms of CPU _and_ packets/sec) ? > to high latency (about 400 ms and packet loss). > Load reduced immediately after I removed all ipfw antispoofing rules with > "verrevpath": > 11010 3659429 430047150 deny ip from any to any not verrevpath in via vlan6 > 11020 719931 58619220 deny ip from any to any not verrevpath in via vlan7 > 11025 68141 5144481 deny ip from any to any not verrevpath in via vlan8 > 11030 202144 6785732 deny ip from any to any not verrevpath in via vlan9 > 11040 171291 56196945 deny ip from any to any not verrevpath in via vlan10 > 11045 291914032 39427773226 deny ip from any to any not verrevpath in via vlan11 > 11060 6102962 441745213 deny ip from any to any not verrevpath in via vlan15 > 11070 4832442 1259880158 deny ip from any to any not verrevpath in via vlan16 > 11080 814769 95745079 deny ip from any to any not verrevpath in via vlan17 > 11101 2901098 628552748 deny ip from any to any not verrevpath in via vlan26 > 11102 1264750 146468688 deny ip from any to any not verrevpath in via vlan27 > 11110 902441 294155831 deny ip from any to any not verrevpath in via vlan21 > 11120 628324 31060933 deny ip from any to any not verrevpath in via vlan23 > 11130 1381 83245 deny ip from any to any not verrevpath in via vlan24 > 11138 4258607 3389925416 deny ip from any to any not verrevpath in via vlan31 > 11150 56 2792 deny ip from any to any not verrevpath in via vlan40 > > Is there a way to fix verrevpath performance issue in 9.2 and futher? > There is no problem to remove this rules on this system, but I also > have 2 systems running MPD with about 2000 PPPoE ng interfaces with > very handy ipfw rule "deny ip from any to any not verrevpath in via There were no changes related to verrevpath directly, but there were some related to generic netgraph/lookup performance. I've got some idea about what can be happening here, but I need your numbers/other info first. > ng*". > > --- > Denis V. Klimkov > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52BD5598.9020100>