[CFT] SMP-friendly pf

Gleb Smirnoff glebius at FreeBSD.org
Thu Jun 28 12:35:52 UTC 2012

  Hello, again.

On Fri, Jun 08, 2012 at 10:17:37AM +0400, Gleb Smirnoff wrote:
T>   Three and a half months ago I've started on a project "SMP-friendly pf",
T> which recently have entered alpha stage. As you see from the subject of this
T> mail, this is call for testing.

  I'm bit disappointed that my announce get so little response.

Anyway, here are some results from running in production. This
time on a busy router, that got a noticable load during busiest
hours. It has complex ruleset with almost 400 rules, 21 vlan(4)
interfaces running on top of lagg(4) and serves about 30 subnets
of different size. Some subnets are behind NAT, and some or
simple routed. The router usually got somewhere between 20k to
60k states and 120k pf searches per second, with peaks up to
140k searches.

  It has 4 cores and runs igb(4) NICs.

  After migrating to experimental pf branch on, the CPU load
during busiest hours has dropped significantly:


A more recent pic (taken right now):


Each high peak is a working day (in Russia in June we have had a
6 day week followed by 3 day week). The thin red peak is buildworld+buildkernel,
and after it the box was rebooted and since runs with SMP-friendly pf.
As you may notice, after migration the working day peaks are much lower
than before. Traffic volume is the same, I've checked this :)

  I hope these results would encourage someone to participate in
early testing. :)

Totus tuus, Glebius.

More information about the freebsd-pf mailing list