[Bug 275943] PF Ether Rules : High Cpu Usage

Reply: Oleksandr Kryvulia : "Re: [Bug 275943] PF Ether Rules : High Cpu Usage"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 275943] PF Ether Rules : High Cpu Usage"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 26 Dec 2023 11:34:12 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275943

            Bug ID: 275943
           Summary: PF Ether Rules : High Cpu Usage
           Product: Base System
           Version: 14.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: 32carleone@gmail.com

Hi

When I use pf as Layer3, I don't encounter any performance issues. However,
when I enable Layer2, the CPU usage goes up to 100% and I loose throughput.

Below is htop and iperf during Layer3

```
    0[ 15.7% ]
    1[ 12.6% ]
    2[ 65.4% ]
    3[ 9.4% ]
  Mem[ 1.74G/3.86G ]
  Swp[ 0K/3.79G ]


# iperf3  -c 192.168.1.236 -t 30 -p 5201

[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   111 MBytes   930 Mbits/sec                  
[  5]   1.00-2.00   sec   111 MBytes   933 Mbits/sec                  
[  5]   2.00-3.00   sec   111 MBytes   933 Mbits/sec                  
[  5]   3.00-4.00   sec   111 MBytes   934 Mbits/sec                  
[  5]   4.00-5.00   sec   111 MBytes   933 Mbits/sec  

```

And output for Layer2+Layer3

```
    0[ 12.0% ]
    1[ 7.7% ]
    2[ 100.0% ]
    3[ 4.3% ]
  Mem[ 1.73G/3.86G ]
  Swp[ 0K/3.79G ]



# iperf3  -c 192.168.1.236 -t 30 -p 5201

[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  52.0 MBytes   436 Mbits/sec                  
[  5]   1.00-2.00   sec  79.7 MBytes   669 Mbits/sec                  
[  5]   2.00-3.00   sec  79.5 MBytes   667 Mbits/sec                  
[  5]   3.00-4.00   sec  79.6 MBytes   668 Mbits/sec                  
[  5]   4.00-5.00   sec  79.4 MBytes   666 Mbits/sec  

```




Issues arose after I added this rule to my config file
```
ether anchor "allowed_mac_igb1" on { igb1 }
```


And these are the rules in the anchor
```
ether pass in quick from 00:0c:29:4e:df:8e l3 all tag allowed_mac_igb1 dnpipe
1002
ether pass out quick to 00:0c:29:4e:df:8e l3 all tag allowed_mac_igb1 dnpipe 2
ether pass in quick from 00:0c:29:97:15:80 l3 all tag allowed_mac_igb1 dnpipe
1002
ether pass out quick to 00:0c:29:97:15:80 l3 all tag allowed_mac_igb1 dnpipe 2
ether pass in quick from 00:11:32:52:54:3a l3 all tag allowed_mac_igb1 dnpipe
1002
ether pass out quick to 00:11:32:52:54:3a l3 all tag allowed_mac_igb1 dnpipe 2
... +270 line
```

-- 
You are receiving this mail because:
You are the assignee for the bug.