10Gbe Tuning?
-
@gonzopancho:
"8Gbps" is not how we measure these things.
Quote PPS or go home.
My bad, lets say I need NAT (PAT really) for 500kpps
-
There is an active internal project to get the performance of 'pf' up.
-
@gonzopancho:
There is an active internal project to get the performance of 'pf' up.
Would be nice to know a little more about that project. For the time being, how near that mark can I get with a Xeon E5520/E5620, PCIe and a decent 10GbE Intel NIC?.
Should I stay with 2.1.5 or venture with 2.2 ALPHA because of the FreeBSD 10 baseline? .
-
I'd go 2.2-BETA, personally. there are only a couple things to get fixed.
The test harness is here: https://github.com/gvnn3/conductor
(Remember, people say I don't know how to open source.)
-
I didn't know there was a Beta already, I'll look at it. Thanks.
-
It's not, but should be quite soon.
-
Now that 2.2 is beta. A few questions about 10Gbe.
1. are the system tune-able tweaks still necessary for the intel ix drivers?
2. are the tweaks needed in the /boot/loader.conf.local as mentioned in reply #14?
3. Are LRO and TSO still needed to be disabled in 2.2 beta for the ix drivers?
Thank you in advance for any reply!
-
Dude in #14 doesn't understand what he's doing.
(People who "tune" TCP variables to get packet filtering / NAT throughput are wasting time.)
You're getting faster IPSec (AES-GCM w/ AES-NI) with 2.2. You'll see some improvement from the threaded "pf" in FreeBSD 10(.1), upon which pFsense 2.2 is based.
I've already discussed the faster version of pf here and elsewhere. There are a couple easy improvements (good for 12-15%), and these might make it into 2.2.x. After that it gets hard, pf is a really crappy architecture for performance.
In any case, these things take time, and/or money.
"Patches accepted."
-
Thank you for you reply. I completely understand what you are saying. PF and PPS ;D I am excited to see what threaded PF in 2.2 might do. I am also interested in what you have been saying with regards to a faster version of PF. Can you point me in the right direction what you have been discussing so that i might catch up? A link or PM?
Thank you,
-
Now that we're on FreeBSD-10, we have netmap (*).
ipfw over netmap exists: https://code.google.com/p/netmap-ipfw/
Quoting that page, "This version reaches 7-10 Mpps for filtering".A preview of same: http://lists.freebsd.org/pipermail/freebsd-ipfw/2012-July/005176.html
"A quick test with a simple ruleset (4 rules, see below) shows a processing speed of 9-10Mpps on one core."Seems obvious (to me) that plumbing pf over netmap (so pf in userspace) is something we should attempt. There is a pfSense hackathon mid-October, and we should know more coming out of that.
10G Ethernet at 64 byte packets is 14.8Mpps. If we can do 7Mpps with pf, then for an average packet size of just over 128 bytes, we will be able to filter at line rate.
Moreover, that's not the end of it, it's just where we're starting.
But getting this work into pfSense will be more than just implementing "pf over netmap".
(*) OK, I"m talking about pfSense 2.2, which technically is still in beta, and yes, netmap was in 8.3 as well, let's not discuss how old 8.3 is.
-
Promising stuff. :)
I look forward to any results (everyone loves a nice graph ;))Steve
-
I just couldnt get past 6.5gbps on 2.1.4….but 2.2 flies :)
this is as fast as my little fileserver can go....
and iperf from laptop<–>FS (my laptop struggles to get > 9gbps due to using a thunderbolt to PCIe adapter which daisy chains a monitor which consumes some bandwidth)
All the above at circa 60% utilisation on one core of a 8 core rangeley 2758 board.
-
@irj972:
I just couldnt get past 6.5gbps on 2.1.4….but 2.2 flies :)
this is as fast as my little fileserver can go....
and iperf from laptop<-->FS (my laptop struggles to get > 9gbps due to using a thunderbolt to PCIe adapter which daisy chains a monitor which consumes some bandwidth)
All the above at circa 60% utilisation on one core of a 8 core rangeley 2758 board.
Very nice. Intel X520 adapter?
-
I've been saying for nearly a year that the c2000 SoC is a huge win for pfsense.
Just wait to see what we do with it.
-
Very nice. Intel X520 adapter?
yup….I'm planning on building a little stripe of SSDs and seeing what bonded 10gig interfaces can do...
I still want to get a test on one of the chinese knocks off to see what they can do too....too much fun stuff to try and not enough time. -
@irj972:
….too much fun stuff to try and not enough time.
Ha! First world problem if ever I saw it. ;)
Thanks for sharing your results.Steve
-
Anybody has any experience with pfSense 2.1.x and Intel 10GbE network controller 82599ES? Supermicro AOC-STGN-i2S is based on this controller, therefore I would like to know weather 82599ES is supported under pfSense 2.1.x? Does it work out-of-the-box or does it require some manual drivers installation?
-
The Intel X520 cards with the same chip work great so I would assume that SuperMicro's card also works, though I do not know for sure.
-
The Intel X520 cards with the same chip work great so I would assume that SuperMicro's card also works, though I do not know for sure.
Intel x520 uses 82599 and 82599ES chips … are there any essential differences between those two chips?
-
82599 is the family. 82599ES is the actual chip.
If you want a feature comparison between the chips in that family then take a look at the link below.
http://ark.intel.com/compare/66004,32207,41282