I'm currently running 8.2, IPFW, and our internal libpcap logging tool, on two different hardware flavors for our gateway firewalls (inline bridge). Our lower end unit is an Intel Dual Core 2.7Ghz proc with onboard gigabit Broadcom (bce) NICS. Our higher end units have an Intel Quad Core Xeon 3.0Ghz and Intel Pro Server gigabit (igb) NICS.
We've just started running our libpcap logging tool, which logs interesting packet flows traversing across the bridge and I'm looking to tune these for maximum performance and had a few questions:
1) Should I be using polling on either flavor or are both of these CPU's plenty capable of keeping up with interrupts?
2) If our libpcap logging tool is passively sniffing the bridge interface, is it able to cause any sort of packet loss due to poor performance. From my understanding it's possible the logging tool would saturate CPU usage, causing the kernel to drop packets? In this case, is there a way I can ensure the logging tool runs on dedicated to a specific core in order to avoid situations like this?
3) Will I see any considerable performance impact by offloading checksums on the Intel NICS?
I'm interested to hear if anyone sees any major red flags or must have tunables that would seriously impact performance in a situation like this
Thanks!
We've just started running our libpcap logging tool, which logs interesting packet flows traversing across the bridge and I'm looking to tune these for maximum performance and had a few questions:
1) Should I be using polling on either flavor or are both of these CPU's plenty capable of keeping up with interrupts?
2) If our libpcap logging tool is passively sniffing the bridge interface, is it able to cause any sort of packet loss due to poor performance. From my understanding it's possible the logging tool would saturate CPU usage, causing the kernel to drop packets? In this case, is there a way I can ensure the logging tool runs on dedicated to a specific core in order to avoid situations like this?
3) Will I see any considerable performance impact by offloading checksums on the Intel NICS?
I'm interested to hear if anyone sees any major red flags or must have tunables that would seriously impact performance in a situation like this
Thanks!