IPFW high cpu usage

[Cahit]

Hello ,

our server getting a heavy ddos attack and i do not understand that , what if i block the attack on ipfw or not , cpu usage is the same.

Why that happens ?

Also does it possible to irq ethernet card to more cpu cores ?

 

[SirDice]

Blocking traffic on the firewall doesn't actually stop the traffic from arriving.

 

[Cahit]

Blocking traffic on the firewall doesn't actually stop the traffic from arriving.

Thank you for the reply ,

I want to let it use 16 cores , should you help me to deal with this ?
Normally intel nic's has capability of Multi-Queue / Receive-Side Scaling settings to increase balance on CPU cores. But i could not find how to edit this properties on freebsd. Also IRQ does not accept the use more than 8 cores for this nic. I think it is sth. about the nic chips on freebsd because i tryed with a broadcam normal gigabit nic it used only 2 cores.

 

[phoenix]

The NIC driver may be multi-queue, and can use multiple CPU cores. However, IPFW is mostly single-threaded, and will be the bottleneck.

You should check if there's a way to block the traffic further upstream.