Hello,
thanks for good news.
On Wed, Apr 21, 2021 at 10:32:08PM +0200, Alexander Bluhm wrote:
> On Wed, Apr 21, 2021 at 09:59:53PM +0200, Alexandr Nedvedicky wrote:
> > was pf(4) enabled while running those tests?
>
> Yes.
>
> > if pf(4) was enabled while those tests were running,
> > what rules were loaded to to pf(4)?
>
> Default pf.conf:
>
</snip>
>
> Linux iperf3 is sending 10 TCP streams in parallel over OpenBSD
> forward machine. I see 22 iperf3 states on pf(4).
>
> > if I remember
> > correctly I could see performance boost by factor ~1.5 when running those
> > tests
> > with similar diff applied to machines provided by hrvoje@.
>
> Multiqueue support for ix(4) has improved. Maybe that is why I see
> factor 2 . Machine has 4 cores. The limit seems to be the 10Gig
> interface, although we do not use it optimally.
>
in my testing I hit state table size limit (1 million states). the test
tool (t-rex traffic generator from cisco [1]) was hammering firewall with
various connections (pop/imap/http...) emulating real network clients and
servers. the throughput/latency got worse as soon as state table filled up.
I'll eventually repeat those tests to get fresh numbers.
thanks and
regards
sashan
[1] https://trex-tgn.cisco.com/
