Packet filter performance on SMP

Julian Elischer julian at elischer.org
Tue Feb 17 10:36:38 PST 2009


Oliver Fromme wrote:
> Hi,
> 
> I've asked this a week ago on the -ipfw list, but got no
> reply ...  The -net list might be more appropriate.
> 
> I'll have to implement a packet filter on machines with
> several cores (4 to 8).  Which one of the available filters
> (IPFW, IPF, PF) will provide the best performance on such
> SMP machines?  I heard that PF doesn't support SMP hardware
> very well -- is that true?  Will IPFW be better?

Not a lot of testing has been done on this topic yet.
I know that this is not what you want to hear but it
is possible that you might be the person to try it out
(using the tunables to disable different numbers of CPUs)
and see how it works out.

Let us know if you get any interesting results.

Ipfw has a single rw lock guarding the entire rule set but it
only does a reader lock on packet processing so multiple CPUs
can be in there at the same time. It does not however protect
the statistics on each rule so if two CPUs try to update the stats
at the same time, one of them will miss out. (This has been
considered an acceptable loss of accuracy in order to
maintain throughput, I guess.)


> Thanks for any insights.
> 
> Best regards
>    Oliver
> 


