Re: [Bug 275943] PF Ether Rules : High Cpu Usage

Tue, 26 Dec 2023 07:22:39 -0800 

26.12.23 13:34, [email protected]:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275943

             Bug ID: 275943
            Summary: PF Ether Rules : High Cpu Usage
            Product: Base System
            Version: 14.0-RELEASE
           Hardware: amd64
                 OS: Any
             Status: New
           Severity: Affects Only Me
           Priority: ---
          Component: kern
           Assignee: [email protected]
           Reporter: [email protected]

Hi

When I use pf as Layer3, I don't encounter any performance issues. However,
when I enable Layer2, the CPU usage goes up to 100% and I loose throughput.

Below is htop and iperf during Layer3

```
     0[ 15.7% ]
     1[ 12.6% ]
     2[ 65.4% ]
     3[ 9.4% ]
   Mem[ 1.74G/3.86G ]
   Swp[ 0K/3.79G ]


# iperf3  -c 192.168.1.236 -t 30 -p 5201

[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   111 MBytes   930 Mbits/sec
[  5]   1.00-2.00   sec   111 MBytes   933 Mbits/sec
[  5]   2.00-3.00   sec   111 MBytes   933 Mbits/sec
[  5]   3.00-4.00   sec   111 MBytes   934 Mbits/sec
[  5]   4.00-5.00   sec   111 MBytes   933 Mbits/sec

```

And output for Layer2+Layer3

```
     0[ 12.0% ]
     1[ 7.7% ]
     2[ 100.0% ]
     3[ 4.3% ]
   Mem[ 1.73G/3.86G ]
   Swp[ 0K/3.79G ]



# iperf3  -c 192.168.1.236 -t 30 -p 5201

[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  52.0 MBytes   436 Mbits/sec
[  5]   1.00-2.00   sec  79.7 MBytes   669 Mbits/sec
[  5]   2.00-3.00   sec  79.5 MBytes   667 Mbits/sec
[  5]   3.00-4.00   sec  79.6 MBytes   668 Mbits/sec
[  5]   4.00-5.00   sec  79.4 MBytes   666 Mbits/sec

```




Issues arose after I added this rule to my config file
```
ether anchor "allowed_mac_igb1" on { igb1 }
```


And these are the rules in the anchor
```
ether pass in quick from 00:0c:29:4e:df:8e l3 all tag allowed_mac_igb1 dnpipe
1002
ether pass out quick to 00:0c:29:4e:df:8e l3 all tag allowed_mac_igb1 dnpipe 2
ether pass in quick from 00:0c:29:97:15:80 l3 all tag allowed_mac_igb1 dnpipe
1002
ether pass out quick to 00:0c:29:97:15:80 l3 all tag allowed_mac_igb1 dnpipe 2
ether pass in quick from 00:11:32:52:54:3a l3 all tag allowed_mac_igb1 dnpipe
1002
ether pass out quick to 00:11:32:52:54:3a l3 all tag allowed_mac_igb1 dnpipe 2
.. +270 line
```
As I can see you have single core loaded to 100%. Can it be imact of using dnpipe and not layer2 filtering?

Reply via email to