States not cleared with device polling

F

fbr

Hello,

I'm testing hardware to improve a high load firewall. I'm using HP 360G7 and a Intel Quad port 82571EB (em(4)). In this hardware, if I don't activate DEVICE_POLLING, network rate is very poor and sinusoidale.

If I activate DEVICE_POLLING, network is stable and fast, but:
- in 8.1p8, PF and rules over physical interfaces (em0 and em1) work perfectly, but if I applied PF rules on VLAN interfaces, many states would be never cleared
- in 8-STABLE it is worse, a lot of states are never cleared on physical interfaces

Is it possible to use polling with PF?

Thanks
 
What do you mean by "network rate is very poor" ? :) I'm using freebsd FreeBSD 8.2-RELEASE-p6 with PF without polling and I run 1 Gbit (ca 120 MB/sec) network without any problems. It takes about 30% of CPU only (when I run iperf between VLANs). mby Maybe the problem is in integrated NIC? I've got an external Intel server NIC. After the next restart I will set net.isr.maxthreads=3 and I think, there will be even less single-core % usage.
 
The most important for me is not the bandwith, but the number of current states in PF: we are using applications that made a lot of small packets.

To test it, I'm using a commercial traffic generator. It generate http session, and for it, a transaction is a full http (SYN, get index.htm, FIN). With old server and same network adapter (em(4)), the rate is 18 000 transactions/s.

With HP DL 360 G7 or IBM 3550 M3 and em(4), the rate is less than 5000 transactions/s and looks like an heartbeat, no a regular line.
 
You must log in or register to reply here.
Back
Top