On 2020-05-04, Kalle Kadakas <kallekada...@gmail.com> wrote: > Greetings OpenBSD community, > > I am running into severe bandwidth limitations whilst passing traffic > through an OpenBSD firewall. > The NIC in use is an Intel 10Gb 2-port X520 adapter from which I would > hope to pass through at least 7Gbps+, yet the best results I have > gotten is only around 3.5Gbps. > > The results of bandwidth measurements (iperf for 30sec, lacp trunk is > 2x10 Gbps, without carp means that the IP was moved on top of VLAN > direcly): > PF+carp+isakmpd+lacp = 2.03 Gbits/sec > PF+isakmpd+lacp = 2.88 Gbits/sec > PF+lacp = 2.53 Gbits/sec > lacp = 2.90 Gbits/sec > W/O LACP single direct 10 Gbps link to OpenBSD box = 3.44 Gbits/sec
Are you measuring iperf running on the router itself? Because that won't tell you anything about forwarding performance. I don't know what you'll see (definitely don't expect wirespeed and to be honest I'll be pretty surprised if you get 7Gb) but performance for routing is usually higher than performance for sending traffic from the machine itself. > In the full setup the interface hierarchy goes like this: > ix0+ix1 > trunk0 > vlanXXX > carpXXX Since you use LACP, you can try the newer aggr(4) interface instead of trunk(4), it may help a bit. > Tested the bandwidth also with 1, 2, 4 cores but that did not change > the results for the better (left it at 4). OpenBSD only makes partial use of multiple cores for now.
