poor performance with Intel X520 card
Patrick Lamaiziere
patfbsd at davenulle.org
Wed Jul 15 08:47:55 UTC 2020
On Fri, 10 Jul 2020 18:21:11 +0200
Olivier Cochard-Labbé <olivier at freebsd.org> wrote:
Hi Olivier,
> > That is mostly for the record but it looks like the intel X520 is
> > not very good and generates a high level of interrupts.
> >
> > On a router / firewall with 500 Kpps in input (dropped by pf) is
> > enough to put the CPUs at
> > 100% busy.
>
> yes 500 Kpps is quite low: Do you have a very complex long pf rule
> set?
Around 1450 rules in all but only 760 for ix0 in input (quick rules
only). PF ruleset-optimization is set to 'basic' (the default)
It's hard to see if PF is the bottleneck but we graph all PF statistics
each 10 seconds (pfctl -vsi).
input 500 Kpps, traffic dropped 200 Kpps, pfctl matches rules
(counter match) is high with around 270 K matches/s (normally is around
12 K matches/s), pfctl states searches around 300 K/s (normally 200 K/s)
So there is a large number of ruleset evaluations (time costly).
PF congestion counter is always = 0, I'm not sure if this counter works
on FreeBSD - I'm sure it works on OpenBSD :)
On FreeBSD does PF congestion increase if PF is not able to
handle the load? (On OpenBSD when congestion occurs, PF stops to
evaluate the ruleset for a litle time and only evaluates states
matches).
Thanks, I guess I have to find a packets generator to make tests.
More information about the freebsd-net
mailing list