On Fri, 12 Oct 2001, Alfred Perlstein wrote:

> > The network is 100mbps, switched.  To simulate load, I used a syn flooder
> > aimed at an unused port.  icmp/rst response limiting was enabled.
> Actually, you might want to leave that on, it will generate more load.

I considered leaving it on, but I'm not sure if that would be constructive
or not.  The primary problem with doing that is related to my test setup -
as we see from the stable -> current attack, my current box couldn't take
the interrupt load of that many incoming packets, which would slow down
the outgoing packets.  If I had a better test setup, I'd like to try that.

> > Before: ~46000 ints/sec, 57-63% processor usage due to interrupts.
> > After: ~38000 ints/sec, 50-60% processor usage due to interrupts.
> >
> > In both cases, the box felt responsive.
> You need to get real hardware to run these tests, obviously you aren't
> saturating your line.  I would suspect a better test would be to see
> how many pps you get can at the point where cpu utlization reaches
> 100%.  Basically start at a base of 60,000pps, and see how many more
> it takes to drive them both to 100%.
> Even your limited tests show a mean improvement of something like
> 10%.
> 10% isn't earth shattering, but it is a signifigant improvement.

Yes, there is some improvement, but I'm not sure that the actual effect is
worthwhile.  Even with the 10% decrease, you're still going to kill the
box if the interrupt count goes much higher.

If you can setup a 4.4+this patch test of some sort with varying loads to
see the effect, maybe we could characterize the effect of the patch more.
With my setup, I don't think I can really take this testing any further.

Mike "Silby" Silbersack

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to