Re: PF with gigabit voice/video streams

2011-06-08 Thread Henning Brauer 
* Eric K. Miller emil...@thecreation.com [2011-06-03 22:31]:
  Are you running -current? There have been some massive tweaks in
 networking performance in -current. Try out and report back.
 
 We were running 4.7 amd64 version (GENERIC.MP).  Also tried the single
 processor version.
 
 Intel Pro/1000 MT cards were used.
 
 I should mention that we had a large number of virtual interfaces (300+)
 for routing traffic among these VLANs.  So maybe this was the cause.

I can immediately come up with 5 changes after 4.7 that massively
change the picture, so that comparision is useless.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: PF with gigabit voice/video streams

2011-06-07 Thread Gabriel Linder 

On 06/03/11 20:48, Eric K. Miller wrote:

I might start a capabilities war, but we've seen OpenBSD become CPU
bound with about 150k packets per second with some pretty fast hardware.


Funny, I have more than 300kpps. With pf enabled, of course.


This is without PF running.  I'm sure there are a million tweaks that
can be done to improve this, but expecting OpenBSD + PF to process small
packets (lets say 128 byte packets on average), resulting in 1 million
packets per second on a full 1Gbps connection, is probably not going
to happen.

Re: PF with gigabit voice/video streams

2011-06-04 Thread Camiel Dobbelaar 
On 4-6-2011 0:04, Stuart Henderson wrote:
 On 2011-06-03, Eric K. Miller emil...@thecreation.com wrote:
 Are you running -current? There have been some massive tweaks in
 networking performance in -current. Try out and report back.

 We were running 4.7 amd64 version (GENERIC.MP).  Also tried the single
 processor version.

 Intel Pro/1000 MT cards were used.

 I should mention that we had a large number of virtual interfaces (300+)
 for routing traffic among these VLANs.  So maybe this was the cause.
 
 after 4.9 we switched to an RB tree for local address lookups,
 I think this is likely to help that situation.
 
 there is also a hash and sequentially-searched list used for vlan
 tag lookup; dlg looked at replacing it with an RB tree before, iirc
 it made things worse on some machines (probably those with microscopic
 caches) but it's probably worth re-checking that...

A simpler option may be to bump the hash size (TAG_HASH_SIZE) which only
has 32 buckets now.  Maybe even to 4096.

Re: PF with gigabit voice/video streams

2011-06-04 Thread Paul de Weerd 
On Fri, Jun 03, 2011 at 10:05:21PM +, Stuart Henderson wrote:
| On 2011-06-03, Amit Kulkarni amitk...@gmail.com wrote:
|  If the driver is em for Intel Pro/1000 MT, that has received a serious
|  boost. People are reporting close to light speed :-)
| 
| nah, close to light speed is on the MF, not MT.

Propagation speed in fibre optic cabling is ~182.000 km/s (.61c).  For
copper cabling, this ranges from .59c to .77c, with CAT5 around .64c.
That would make MT faster than MF.

Paul 'WEiRD' de Weerd

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/

PF with gigabit voice/video streams

2011-06-03 Thread Michael W. Lucas 
Hi,

I'm looking for a NAT/firewall/VPN solution with failover for a
private enterprise TV system.  While my gut reaction is PF, I'm
wondering if anybody here has done this before.

Video and voice send large numbers of small packets.  I'm told that
this particular application can fill a gigabit Ethernet.

I've found pps discussions on the Internet, of course, but they're
mostly dated. And I haven't found anything on copious voice or video
and PF.

So, anybody care to share their experience with PF in this space?

Thanks,
==ml

-- 
Michael W. Lucas
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
mwlu...@blackhelicopters.org, Twitter @mwlauthor

Re: PF with gigabit voice/video streams

2011-06-03 Thread Eric K. Miller 
Hi Michael,

 I'm looking for a NAT/firewall/VPN solution with failover for a
private enterprise TV system.  While my gut reaction is PF, I'm
wondering if anybody here has done this before.

I might start a capabilities war, but we've seen OpenBSD become CPU
bound with about 150k packets per second with some pretty fast hardware.
This is without PF running.  I'm sure there are a million tweaks that
can be done to improve this, but expecting OpenBSD + PF to process small
packets (lets say 128 byte packets on average), resulting in 1 million
packets per second on a full 1Gbps connection, is probably not going
to happen.

Eric

Re: PF with gigabit voice/video streams

2011-06-03 Thread Amit Kulkarni 
  I'm looking for a NAT/firewall/VPN solution with failover for a
 private enterprise TV system.  While my gut reaction is PF, I'm
 wondering if anybody here has done this before.
 
 I might start a capabilities war, but we've seen OpenBSD become CPU
 bound with about 150k packets per second with some pretty fast hardware.
 This is without PF running.  I'm sure there are a million tweaks that
 can be done to improve this, but expecting OpenBSD + PF to process small
 packets (lets say 128 byte packets on average), resulting in 1 million
 packets per second on a full 1Gbps connection, is probably not going
 to happen.

Are you running -current? There have been some massive tweaks in 
networking performance in -current. Try out and report back.

Re: PF with gigabit voice/video streams

2011-06-03 Thread Eric K. Miller 
 Are you running -current? There have been some massive tweaks in
networking performance in -current. Try out and report back.

We were running 4.7 amd64 version (GENERIC.MP).  Also tried the single
processor version.

Intel Pro/1000 MT cards were used.

I should mention that we had a large number of virtual interfaces (300+)
for routing traffic among these VLANs.  So maybe this was the cause.

Eric

Re: PF with gigabit voice/video streams

2011-06-03 Thread Christiano F. Haesbaert 
On 3 June 2011 17:25, Eric K. Miller emil...@thecreation.com wrote:
 Are you running -current? There have been some massive tweaks in
 networking performance in -current. Try out and report back.

 We were running 4.7 amd64 version (GENERIC.MP).  Also tried the single
 processor version.

 Intel Pro/1000 MT cards were used.

 I should mention that we had a large number of virtual interfaces (300+)
 for routing traffic among these VLANs.  So maybe this was the cause.

 Eric



Do some tests with tcpbench in UDP mode with different packet sizes,
it might give you an idea.

Re: PF with gigabit voice/video streams

2011-06-03 Thread Amit Kulkarni 
 Are you running -current? There have been some massive tweaks in
 networking performance in -current. Try out and report back.

 We were running 4.7 amd64 version (GENERIC.MP).  Also tried the single
 processor version.

 Intel Pro/1000 MT cards were used.

 I should mention that we had a large number of virtual interfaces (300+)
 for routing traffic among these VLANs.  So maybe this was the cause.

 Eric



If the driver is em for Intel Pro/1000 MT, that has received a serious
boost. People are reporting close to light speed :-)

Search for the thread Performance degradation after upgrade. The
devs have made networking for certain cards blazingly fast, its a
ongoing process.

So your comment might be way off. You need to test with -current if
possible and then report back if gigabit voice/video perf is still bad
even with your setup.

Re: PF with gigabit voice/video streams

2011-06-03 Thread Eric K. Miller 
 If the driver is em for Intel Pro/1000 MT, that has received a serious
boost. People are reporting close to light speed :-)

Wow, that's pretty fast. =)  I think...? ;)

 Search for the thread Performance degradation after upgrade. The
devs have made networking for certain cards blazingly fast, its a
ongoing process.

I thought most of these issues were related to 4.8 and 4.9-current.
I'll do a search and do some reading.  I've always been looking for the
best card(s) and version to use, but there's only so much time and
money.

 So your comment might be way off. You need to test with -current if
possible and then report back if gigabit voice/video perf is still bad
even with your setup.

I hope so.  The OP should probably try it themselves and report back.
For our environment, we've already begun the transition to
hardware-based routing (OpenFlow-based) since we need mega-Mpps
ultimately, but it's nice to see continued progress since we may still
have needs at the edge for high-performance routing and services running
on OpenBSD.

Thanks for your reply!

Eric

Re: PF with gigabit voice/video streams

2011-06-03 Thread Stuart Henderson 
On 2011-06-03, Eric K. Miller emil...@thecreation.com wrote:
 Are you running -current? There have been some massive tweaks in
 networking performance in -current. Try out and report back.

 We were running 4.7 amd64 version (GENERIC.MP).  Also tried the single
 processor version.

 Intel Pro/1000 MT cards were used.

 I should mention that we had a large number of virtual interfaces (300+)
 for routing traffic among these VLANs.  So maybe this was the cause.

after 4.9 we switched to an RB tree for local address lookups,
I think this is likely to help that situation.

there is also a hash and sequentially-searched list used for vlan
tag lookup; dlg looked at replacing it with an RB tree before, iirc
it made things worse on some machines (probably those with microscopic
caches) but it's probably worth re-checking that...

Re: PF with gigabit voice/video streams

2011-06-03 Thread Stuart Henderson 
On 2011-06-03, Amit Kulkarni amitk...@gmail.com wrote:
 If the driver is em for Intel Pro/1000 MT, that has received a serious
 boost. People are reporting close to light speed :-)

nah, close to light speed is on the MF, not MT.