Le Tue, 22 Feb 2011 18:09:32 +0100, Patrick Lamaiziere <patf...@davenulle.org> a icrit :
> (4.8/amd64) > I'm using two ethernet cards Intel 1000/PRO quad ports (gigabit) on a > firewall (one fiber and one copper). > > The problem is that we don't get more than ~320 Mbits/s of bandwith > beetween the internal networks and internet (gigabit). > > As far I can see, on load there is a number of "Ierr" on the interface > connected to Internet (between 1% to 5%). > > ------ > dmesg (on 4.8): > em0 at pci5 dev 0 function 0 "Intel PRO/1000 QP (82571EB)" rev > 0x06: apic 1 int 13 (irq 14), address 00:15:17:ed:98:9d > > em4 at pci9 dev 0 function 0 "Intel PRO/1000 QP (82575GB)" rev 0x02: > apic 1 int 23 (irq 11), address 00:1b:21:38:e0:80 Hello, This issue (IERR on em) looks to be fixed on 5.0. With 4.8 and 4.9 there were IERR errors with traffic > 150 Mbs. With 5.0 there are only few IERR from time to time, even on high load (> 400 Mbits/s, 40K packets/s in, 30K packets/s out) I guess that the fixes on em(4) helps. May be the use of MSI interrupts too because I see a significant improvement on CPU interrupt load (around 60% in load to 50% with 5.0). (the measures are averaged on 5 minutes) That's cool! There are still some PF congestions from time to time but I have to investigate. It happens even when the box is idle but may be there are some burst of traffic. The box has 6 interfaces and I don't believe it can handle 6 Gbits at once. Too finish this too long thread, since february we (an university) are very happy with the reliability of our two PF firewalls, that just works. Thanks a lot, regards.
