Re: Firewall, high interrupt load, is this a driver problem (dc) ?

Tue, 23 Jan 2007 05:14:14 -0800 

Here is usefull details from Henning (thanks!)

-------- Message original --------
Sujet: Re: Firewall, high interrupt load, is this a driver problem (dc) ?
Date: Tue, 23 Jan 2007 11:42:22 +0100
De: Henning Brauer <[EMAIL PROTECTED]>
Pour: Ronnie Garcia <[EMAIL PROTECTED]>
Rifirences: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> 

* Ronnie Garcia <[EMAIL PROTECTED]> [2007-01-23 11:19]:
> Hey Henning,
>
> Henning Brauer a icrit :
> >* Ronnie Garcia <[EMAIL PROTECTED]> [2007-01-22 21:10]:
>
> >>I'm graphing a lot of kernel/pf variables with cacti, and i'm clearly
> >>seeing the box maxing at 15k interrupts/s.
> >
> >that is not necessarily a problem.
> >

> >>I'm raising 15k interrupts/s when the box is routing approx 13k pps 
and

> >>then the CPU is at 50-55%.
> >
> >at 13k pps you definately want good nics which have proper interrupt
> >mitigation. most gigE NICs fall into that category; sk, msk and em fall
> >definately into that category.
>
> Thanks for your detailled reply.
>
> I guess that you are using (or used) obsd routers/firewalls at BS Web
> Services. They might also handle a high packets rate.

yup

> May i ask what kind of hardware you are using ? Motherboard, CPU, NIC,
> PCI type ?

varying.

> I'm considering buying new hardware for these firewalls, and i'd like
> them to handle a bunch of pps ;)

the install with the highest forwarding rate I know of uses a
Supermicro X6DH8-XB, a 3.2 GHz Xeon and a bunch of em(4. I have
seen it doing 750 MBit/s of real-world traffic at approx 150k pps.
With a full routing table (~205k entries) and a GENERIC kernel it was
running at roughly 80..90% CPU load; the slightly optimized for the task
kernel I have in place there now gives quite some extra headroom. Also,
I expect sk/msk(4) to perform better than em(4), but that has yet to be
proven in real-world conditions.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam















    











					Reply via email to