Dnia czwartek, 25 kwietnia 2013 o 20:24:26 Erich Weiler napisał(a): > > As far as I understand, processing of packets by pf takes place in > > receiving network card's interrupt handler even up to sending the packet > > via another network card (at least in my case, when using route-to > > targets, which make routing inside pf). > > That's interesting. So even though pf is giant locked, you can still > scale the maximum capacity of your firewall, in this case, simply by > adding more CPU cores? To handle the extra interrupts? So more cores = > more packets per second, if you give each extra core an additional > interrupt queue?
There is still some code outside pf that packets from the network pass through. > > How do you count the 140kpps value? One interface, both, in, out? I'd > > like to relate this somehow to my values. > > Well, generally we see 80kpps rx and 40kpps tx. But I have seen the rx > spike to 150kpps occasionally. Unfortunately at this moment I have no single machine with such traffic, although maybe I can aggregate some traffic later and check the cpu usage then. > This is a pfSense box, which includes > RRD graphs of packet rates, that's how I'm getting the number. I'm not > sure how they are obtaining that metric under the hood. But we have not > disabled HT and some other items, so that number will change is my > guess. We also may add another CPU die to the mix to see if we can add > interrupt queues to more cores to increase performance. How many pf rules do you have?. And, as I asked in my previous post, do you create states on both sides of the firewall? -- | pozdrawiam / greetings | powered by Debian, CentOS and FreeBSD | | Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net | | Vegeta | www: http://vegeta.tuxpowered.net | `------------------------^---------------------------------------' _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"