Hi Stuart,

Good to hear from you! Hope you are well.

>> 1) Will 5.9 have a 64bit integer for the queue sizes, or are we still
>> limited to ~4294M?

> There haven't been any changes in that area.

Hi Henning, with the current MP works in progress this limit is about to
become a very superficial bottleneck for a lot of people?

I know it hasn't been an issue in the past as no one could get close to
4.3Gbps anyway.. Do you think you will find time to change this to a 64bit
on -current soon?


>> 2) When 5.9 comes out, will the new ARC routing table be enabled by
>> default? If not can we turn it on without building from source?

> ART not ARC. It's not enabled by default, you'll need to build
> a new kernel to use it.

Any clues how to enable "ART" when building? ;)


>> 3) Does anyone know which parts of the Network stack will have MP support
>> in 5.9?
>> MP NIC Interrupts, yes/no?
>> MP Network Stack, yes/no?
>> MP Queueing, yes/no?
>> MP PF, yes/no?
>> HW Offloading and other general MP NIC driver stuff (em(), ix()) yes/no?
>> Any other important parts needing MP?

Knowing these would be helpful to gauge performance expectations in
testing..

Hahaha, yes. Managing Commercial Firewalls = Shoot me now!


PS; I have also updated the OpenBSD Packet Flow diagram some more;
https://www.lucidchart.com/publicSegments/view/06b87350-b11c-4732-a72c-5842126d9058

Please fire over any corrections.

I haven't had an answer to this query though, can anyone help?

"I would suggest adding a box for "Address & Port Translation
(nat-to, rdr-to, binat-to, af-to)" right after "State Generate"
in both ingress and egress, and have the "state exists" path merge
into that step."

I'll bow to your knowledge if you tell me this is correct, but isn't the
state created *after* the nat-to/rdr-to etc is applied as the state stores
both the inside IP and the outside IP etc? Or does this second box also
append this extra info to the state that was created at the previous step
(Packet Filtering)?

Thanks everyone,
Andy.


On Sun, Feb 7, 2016 at 9:06 PM, Stuart Henderson <[email protected]>
wrote:

> On 2016-02-07, Andy Lemin <[email protected]> wrote:
> > Hi everyone,
> >
> > Just a couple very quick 5.9 questions;
> >
> >
> > 1) Will 5.9 have a 64bit integer for the queue sizes, or are we still
> > limited to ~4294M?
>
> There haven't been any changes in that area.
>
> > 2) When 5.9 comes out, will the new ARC routing table be enabled by
> > default? If not can we turn it on without building from source?
>
> ART not ARC. It's not enabled by default, you'll need to build
> a new kernel to use it.
>
> > 3) Does anyone know which parts of the Network stack will have MP support
> > in 5.9?
> > MP NIC Interrupts, yes/no?
> > MP Network Stack, yes/no?
> > MP Queueing, yes/no?
> > MP PF, yes/no?
> > HW Offloading and other general MP NIC driver stuff (em(), ix()) yes/no?
> > Any other important parts needing MP?
> >
> >
> > It is difficult to understand where we are currently. I know we are
> > excitingly close with the MP work (and thank you again for such amazing
> > work!), but we need to know for business decision reasons because simply we
> > are growing faster than OpenBSD's performance is, and we also have a new
> > VP.....
> >
> > So I'm deeply saddened to realise that if the MP networking commits do not
> > make it in to get us above 4Gbps in 5.9 we will have to say goodbye to
> > OpenBSD for good (I really seriously don't want to because OpenBSD is
> > better than *any* firewalls out there, but we are still a business and need
> > to make money, and we need more than 2-4Gbps).
> >
> > NB; 4Gbps is all we've managed on our current hardware class and 2Gbps with
> > PF enabled.
> >
> > Hardware:
> > Supermicro X9DRW-iF
> > 4x 1866 DDR3 DIMMS
> > Cpu0/1: Intel(R) Xeon(R) CPU E5-2637 v2 @ 3.50GHz, Turbo+ enabled = 3600.01
> > MHz (Virtualisation, Hyperthreading and extra Cores disabled)
> > Intel 82599 10Gbps NICs
> >
> >
> > We need to be getting closer to 8Gbps with PF enabled by this summer, or
> > I've been told to replace OpenBSD with something faster.. FreeBSD can max
> > the 10G ports, but FBSD is not good enough for us in many other ways, so
> > would mean a move to commercial firewalls (Hurghh).
> >
> > I REALLY don't want to have to walk away from OpenBSD in my current job :_(
> >
> > Cheers, Andy.
> >
> > Thanks everyone, and good luck on these big changes..
> >
> >
>
> Good luck with the commercial firewalls!

[demime 1.01d removed an attachment of type application/pdf which had a name of 
OpenBSDPFPacketFlow-Jan2016.pdf]
