Hi,
I recently switched one of our firewalls from Linux to oBSD 4.0.
Its handling approx 8-9 kpps (in+out) on both interfaces. It has a
D-Link DFE-570TX quad ports NIC (dc driver), two ports are used.
On Linux, the CPU was loaded at approx 20% when, and on oBSD, its
actually loaded at ~30%. No big deal, but on Linux we had queueing
(shaping) with TC/HTB, whereas ALTQ is not (yet) enabled on oBSD.
The CPU usage is almost only "interrupt", as you can see on this top
output :
# top
load averages: 0.09, 0.10, 0.08
19 processes: 18 idle, 1 on processor
CPU states: 0.0% user, 0.0% nice, 0.0% system, 30.4% interrupt, 69.6%
idle
Memory: Real: 9768K/76M act/tot Free: 413M Swap: 0K/2048M used/tot
Note : %CPU interrupt goes from ~15 to ~35%
I tryed to disable PF by loading a minimal conf (pass in all, pass out
all), but the %interrupt did not decrease.
I'm not trying to compare Linux to oBSD but I'm wondering if this could
be because of a bad PCI bus, a bad NIC, or a "bad" driver
implementation. I might change the NIC if its the culprit.
What do you think ?
Another oBSD 4.0 box, which is a router in front of the firewall (thus
handling the same traffic), is only loaded at ~10-15% interrupt. This
one has an Intel PRO/1000MT quad ports card (em driver). (It has other
hardware differences).
Other usefull infos about the firewall :
# uname -a
OpenBSD XX 4.0 GENERIC#1107 i386
# sysctl net.inet.ip.ifq
net.inet.ip.ifq.len=0
net.inet.ip.ifq.maxlen=512
net.inet.ip.ifq.drops=13183292
Note : since i set ifq.maxlen to 512 (was 50), the ifq.drops stopped
growing.
# dmesg |grep cpu
cpu0: Intel(R) Pentium(R) 4 CPU 2.40GHz ("GenuineIntel" 686-class) 2.41 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
cpu0 at mainbus0
# dmesg |grep dc
dc0 at pci2 dev 4 function 0 "DEC 21142/3" rev 0x41: irq 10, address
00:80:c8:cd:c8:21
nsphyter0 at dc0 phy 1: DP83843 10/100 PHY, rev. 0
dc1 at pci2 dev 5 function 0 "DEC 21142/3" rev 0x41: irq 12, address
00:80:c8:cd:c8:22
nsphyter1 at dc1 phy 1: DP83843 10/100 PHY, rev. 0
dc2 at pci2 dev 6 function 0 "DEC 21142/3" rev 0x41: irq 3, address
00:80:c8:cd:c8:23
nsphyter2 at dc2 phy 1: DP83843 10/100 PHY, rev. 0
dc3 at pci2 dev 7 function 0 "DEC 21142/3" rev 0x41: irq 11, address
00:80:c8:cd:c8:24
nsphyter3 at dc3 phy 1: DP83843 10/100 PHY, rev. 0
# dmesg |grep pci
pcib0 at pci0 dev 2 function 0 "SiS 962 ISA" rev 0x25
pciide0 at pci0 dev 2 function 5 "SiS 5513 EIDE" rev 0x00: 651: DMA,
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <ST3802110A>
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 1
cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
auich0 at pci0 dev 2 function 7 "SiS 7012 AC97" rev 0xa0: irq 12,
SiS7012 AC97
ohci0 at pci0 dev 3 function 0 "SiS 5597/5598 USB" rev 0x0f: irq 5,
version 1.0, legacy support
ohci1 at pci0 dev 3 function 1 "SiS 5597/5598 USB" rev 0x0f: irq 9,
version 1.0, legacy support
ehci0 at pci0 dev 3 function 3 "SiS 7002 USB" rev 0x00: irq 9
sis0 at pci0 dev 4 function 0 "SiS 900 10/100BaseTX" rev 0x91: irq 3,
address 00:0c:6e:d8:4a:59
ppb1 at pci0 dev 14 function 0 "Intel S21152BB PCI-PCI" rev 0x00
pci2 at ppb1 bus 2
dc0 at pci2 dev 4 function 0 "DEC 21142/3" rev 0x41: irq 10, address
00:80:c8:cd:c8:21
dc1 at pci2 dev 5 function 0 "DEC 21142/3" rev 0x41: irq 12, address
00:80:c8:cd:c8:22
dc2 at pci2 dev 6 function 0 "DEC 21142/3" rev 0x41: irq 3, address
00:80:c8:cd:c8:23
dc3 at pci2 dev 7 function 0 "DEC 21142/3" rev 0x41: irq 11, address
00:80:c8:cd:c8:24
isa0 at pcib0
pcibios0 at bios0: rev 2.1 @ 0xf0000/0x16d2
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf1640/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:02:0 ("SiS 962 ISA" rev 0x00)
pcibios0: PCI bus #2 is the last bus
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "SiS 651 PCI" rev 0x02
ppb0 at pci0 dev 1 function 0 "SiS 86C201 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "SiS 650 VGA" rev 0x00: aperture at
0xf0000000, size 0x400000
Kind regards,
--
Ronnie Garcia <r.garcia at ovea dot com>
