10Gbe Tuning?
-
Dude in #14 doesn't understand what he's doing.
(People who "tune" TCP variables to get packet filtering / NAT throughput are wasting time.)
You're getting faster IPSec (AES-GCM w/ AES-NI) with 2.2. You'll see some improvement from the threaded "pf" in FreeBSD 10(.1), upon which pFsense 2.2 is based.
I've already discussed the faster version of pf here and elsewhere. There are a couple easy improvements (good for 12-15%), and these might make it into 2.2.x. After that it gets hard, pf is a really crappy architecture for performance.
In any case, these things take time, and/or money.
"Patches accepted."
-
Thank you for you reply. I completely understand what you are saying. PF and PPS ;D I am excited to see what threaded PF in 2.2 might do. I am also interested in what you have been saying with regards to a faster version of PF. Can you point me in the right direction what you have been discussing so that i might catch up? A link or PM?
Thank you,
-
Now that we're on FreeBSD-10, we have netmap (*).
ipfw over netmap exists: https://code.google.com/p/netmap-ipfw/
Quoting that page, "This version reaches 7-10 Mpps for filtering".A preview of same: http://lists.freebsd.org/pipermail/freebsd-ipfw/2012-July/005176.html
"A quick test with a simple ruleset (4 rules, see below) shows a processing speed of 9-10Mpps on one core."Seems obvious (to me) that plumbing pf over netmap (so pf in userspace) is something we should attempt. There is a pfSense hackathon mid-October, and we should know more coming out of that.
10G Ethernet at 64 byte packets is 14.8Mpps. If we can do 7Mpps with pf, then for an average packet size of just over 128 bytes, we will be able to filter at line rate.
Moreover, that's not the end of it, it's just where we're starting.
But getting this work into pfSense will be more than just implementing "pf over netmap".
(*) OK, I"m talking about pfSense 2.2, which technically is still in beta, and yes, netmap was in 8.3 as well, let's not discuss how old 8.3 is.
-
Promising stuff. :)
I look forward to any results (everyone loves a nice graph ;))Steve
-
I just couldnt get past 6.5gbps on 2.1.4….but 2.2 flies :)
this is as fast as my little fileserver can go....
and iperf from laptop<–>FS (my laptop struggles to get > 9gbps due to using a thunderbolt to PCIe adapter which daisy chains a monitor which consumes some bandwidth)
All the above at circa 60% utilisation on one core of a 8 core rangeley 2758 board.
-
@irj972:
I just couldnt get past 6.5gbps on 2.1.4….but 2.2 flies :)
this is as fast as my little fileserver can go....
and iperf from laptop<-->FS (my laptop struggles to get > 9gbps due to using a thunderbolt to PCIe adapter which daisy chains a monitor which consumes some bandwidth)
All the above at circa 60% utilisation on one core of a 8 core rangeley 2758 board.
Very nice. Intel X520 adapter?
-
I've been saying for nearly a year that the c2000 SoC is a huge win for pfsense.
Just wait to see what we do with it.
-
Very nice. Intel X520 adapter?
yup….I'm planning on building a little stripe of SSDs and seeing what bonded 10gig interfaces can do...
I still want to get a test on one of the chinese knocks off to see what they can do too....too much fun stuff to try and not enough time. -
@irj972:
….too much fun stuff to try and not enough time.
Ha! First world problem if ever I saw it. ;)
Thanks for sharing your results.Steve
-
Anybody has any experience with pfSense 2.1.x and Intel 10GbE network controller 82599ES? Supermicro AOC-STGN-i2S is based on this controller, therefore I would like to know weather 82599ES is supported under pfSense 2.1.x? Does it work out-of-the-box or does it require some manual drivers installation?
-
The Intel X520 cards with the same chip work great so I would assume that SuperMicro's card also works, though I do not know for sure.
-
The Intel X520 cards with the same chip work great so I would assume that SuperMicro's card also works, though I do not know for sure.
Intel x520 uses 82599 and 82599ES chips … are there any essential differences between those two chips?
-
82599 is the family. 82599ES is the actual chip.
If you want a feature comparison between the chips in that family then take a look at the link below.
http://ark.intel.com/compare/66004,32207,41282
-
What fiber sfp+ modules are you guys using for the intel x520?
-
What fiber sfp+ modules are you guys using for the intel x520?
I use mostly Direct Attach cables, not optics, but when I do use fiber it's either genuine Intel modules or knockoffs from approvedoptics.com.
-
What fiber sfp+ modules are you guys using for the intel x520?
I use mostly Direct Attach cables, not optics, but when I do use fiber it's either genuine Intel modules or knockoffs from approvedoptics.com.
Nice, regular 8431 cables like http://www.ebay.com/itm/Intel-XDACBL5M-Twinaxial-Netwrk-Cable-Twinaxial-Netwrk-16-40ft-SFF-8431-Male-/311114486894?pt=LH_DefaultDomain_0&hash=item486fde546e or? And this card is 2x10gbit full duplex? if so, possible lacp @ 2x10gbit?
-
What fiber sfp+ modules are you guys using for the intel x520?
I use mostly Direct Attach cables, not optics, but when I do use fiber it's either genuine Intel modules or knockoffs from approvedoptics.com.
Nice, regular 8431 cables like http://www.ebay.com/itm/Intel-XDACBL5M-Twinaxial-Netwrk-Cable-Twinaxial-Netwrk-16-40ft-SFF-8431-Male-/311114486894?pt=LH_DefaultDomain_0&hash=item486fde546e or? And this card is 2x10gbit full duplex? if so, possible lacp @ 2x10gbit?
Yes, cables like that.
Theoretically, yes, you could put two links together for 2x10Gbit/s.
-
What fiber sfp+ modules are you guys using for the intel x520?
I use mostly Direct Attach cables, not optics, but when I do use fiber it's either genuine Intel modules or knockoffs from approvedoptics.com.
Nice, regular 8431 cables like http://www.ebay.com/itm/Intel-XDACBL5M-Twinaxial-Netwrk-Cable-Twinaxial-Netwrk-16-40ft-SFF-8431-Male-/311114486894?pt=LH_DefaultDomain_0&hash=item486fde546e or? And this card is 2x10gbit full duplex? if so, possible lacp @ 2x10gbit?
Yes, cables like that.
Theoretically, yes, you could put two links together for 2x10Gbit/s.
Now do the math on 40Gbps NICs and a $99 break-out cable. :-)
-
on my actual setup - J1900 + ssd + 8gb ram and 2xIntel i210T
For PPPoE i got verry low speed. Around 346.96 Mbit/s. connection is 1000 Mbit/s.I'm not expecting to get 1000 but @least 50%
dev.igb.0.%desc: Intel(R) PRO/1000 Network Connection version - 2.4.0 -
What CPU usage are you seeing?
Steve
