[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Speed issues with bridge firewall



> On Monday 01 September 2003 19:20, Mathew Binkley wrote:
> > So our bridging firewall achieves ~84% of full line speed.  However,
> > during testing the firewall had a load level of 4.3.  There doesn't
> > appear to be any packet loss, but I'm not sure if it is affecting
> > latency or not.  Does anyone know a good way of testing that?  The
> > firewall console is completely frozen when it's under that stress.
>
> ...too many interrupts...
>
>
> > Does OpenBSD 3.3 not support zero-copy?  Or is there something trivial
> > I'm missing here?  I wouldn't have expecting bridging to put that kind
> > of load on the CPU.
>
> Device Polling is the answer...
>
> [email protected] said he was working on it.
>
> I hope someone will find time to port FreeBSD code.
> Here you can find an explanation with code.
>
Maybe you give pf on FreeBSD a try: http://pf4freebsd.love2party.net/ this
will give you said device polling and allows you to use the second
processor. Once the netlocking is done, you will maybe even see a further
speedup. On the other hand, bridging on FreeBSD with pf filtering is not
working propperly without a patch. We hope that 5.2R will have solutions for
that.
Max