Re: [Bug 275943] PF Ether Rules : High Cpu Usage
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 275943] PF Ether Rules : High Cpu Usage"
Date: Tue, 26 Dec 2023 15:22:22 UTC
26.12.23 13:34, bugzilla-noreply@freebsd.org:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275943
>
> Bug ID: 275943
> Summary: PF Ether Rules : High Cpu Usage
> Product: Base System
> Version: 14.0-RELEASE
> Hardware: amd64
> OS: Any
> Status: New
> Severity: Affects Only Me
> Priority: ---
> Component: kern
> Assignee: bugs@FreeBSD.org
> Reporter: 32carleone@gmail.com
>
> Hi
>
> When I use pf as Layer3, I don't encounter any performance issues. However,
> when I enable Layer2, the CPU usage goes up to 100% and I lose throughput.
>
> Below is htop and iperf during Layer3
>
> ```
> 0[ 15.7% ]
> 1[ 12.6% ]
> 2[ 65.4% ]
> 3[ 9.4% ]
> Mem[ 1.74G/3.86G ]
> Swp[ 0K/3.79G ]
>
>
> # iperf3 -c 192.168.1.236 -t 30 -p 5201
>
> [ ID] Interval Transfer Bitrate
> [ 5] 0.00-1.00 sec 111 MBytes 930 Mbits/sec
> [ 5] 1.00-2.00 sec 111 MBytes 933 Mbits/sec
> [ 5] 2.00-3.00 sec 111 MBytes 933 Mbits/sec
> [ 5] 3.00-4.00 sec 111 MBytes 934 Mbits/sec
> [ 5] 4.00-5.00 sec 111 MBytes 933 Mbits/sec
>
> ```
>
> And output for Layer2+Layer3
>
> ```
> 0[ 12.0% ]
> 1[ 7.7% ]
> 2[ 100.0% ]
> 3[ 4.3% ]
> Mem[ 1.73G/3.86G ]
> Swp[ 0K/3.79G ]
>
>
>
> # iperf3 -c 192.168.1.236 -t 30 -p 5201
>
> [ ID] Interval Transfer Bitrate
> [ 5] 0.00-1.00 sec 52.0 MBytes 436 Mbits/sec
> [ 5] 1.00-2.00 sec 79.7 MBytes 669 Mbits/sec
> [ 5] 2.00-3.00 sec 79.5 MBytes 667 Mbits/sec
> [ 5] 3.00-4.00 sec 79.6 MBytes 668 Mbits/sec
> [ 5] 4.00-5.00 sec 79.4 MBytes 666 Mbits/sec
>
> ```
>
>
>
>
> Issues arose after I added this rule to my config file
> ```
> ether anchor "allowed_mac_igb1" on { igb1 }
> ```
>
>
> And these are the rules in the anchor
> ```
> ether pass in quick from 00:0c:29:4e:df:8e l3 all tag allowed_mac_igb1 dnpipe 1002
> ether pass out quick to 00:0c:29:4e:df:8e l3 all tag allowed_mac_igb1 dnpipe 2
> ether pass in quick from 00:0c:29:97:15:80 l3 all tag allowed_mac_igb1 dnpipe 1002
> ether pass out quick to 00:0c:29:97:15:80 l3 all tag allowed_mac_igb1 dnpipe 2
> ether pass in quick from 00:11:32:52:54:3a l3 all tag allowed_mac_igb1 dnpipe 1002
> ether pass out quick to 00:11:32:52:54:3a l3 all tag allowed_mac_igb1 dnpipe 2
> .. +270 line
> ```
>
As I can see, you have a single core loaded to 100%. Can it be the impact of
using dnpipe and not layer2 filtering?