High CPU load under network load
-
I`m building a router with PFsense and some reasonably old hardware.
I am using iperf to test LAN performance. I was able to get stable 940MBit bandwidth either from/to pfsense box, but this test consumes 70-80% CPU.
In top i see that cpu is mostly loaded by interrupt process assigned for my NIC.My hardware setup
CPU: Xeon 5150 2.66GHz 2 cores
1Gb RAM
Gigabit Marvell NICI tried:
toggling TSO and LRO, checksum offload
increasing TCP buffers
using polling
I got lower bandwidth of no changes in CPU loadSo, does PFsense need some performance tuning or such behavior is intended?
I have several linux boxes and see only 1-2% cpu load increase running the same test. -
High CPU usage is almost always the NIC. A cheap NIC can destroy the fastest CPU you can buy.
-
Same setup with debian linux gives me 940MBit of bandwidth with <5% cpu load
-
well, your iperf test between client<–>pfsense isn't all that useful for measuring any kind of performance.
to test a router, you need to measure throughput. ( iperf_A <--> router <--> iperf_B )Also:
debian = a linux distro ( out of the box its default config is to act as an end-point)
pfSense = firewall/routing distro based on FreeBSD. ( it's configured to firewall/route ... not an end-point)
there can be huge differences in performance between linux & freebsd (depends on the hardware / drivers / ...)could you provide an output of
top -SH -
So i made a fresh install and tested it with 2 other hosts.
My results:
host1->pfsense 930 Mb/s 75-80% CPU
pfsense->host1 940Mb/s 60% CPUhost1->host2 (via pfsense as router/NAT) 720Mb/s ~25% CPU on pfsense
This looks somewhat better.
So, i guess pfsense handles handles forwarding packets not the same way as passing to user space app.
The only thing to figure out is cpu usage when using PPP WAN (my test setup had static IP), but i think it should not be much worse.I consider my issue resolved. Thank you all.