[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Massive interrupts on Gigabit firewall
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Massive interrupts on Gigabit firewall
- From: Andy Isaacson <adi_(_at_)_hexapodia_(_dot_)_org>
- Date: Mon, 23 Sep 2002 14:45:10 -0500
On Fri, Sep 20, 2002 at 02:17:27AM -0700, tedu wrote:
> On Fri, 20 Sep 2002, Patrick Schemitz wrote:
> > Now even when not filtering (i.e. just an empty rule set *plus* NATting)
> > we can only achieve a mere 16 MB/s (firewall between a 3COM 3C996T and
> > an Intel PRO 1000XT, both running Linux, measured with FTP).
> Have you compared that number to using a cross-over cable? There's not
> much you can do to reduce the number of interrupts, but 900MHz should be
> enough to process lots of rules and connections without slowing down.
Actually, there is quite a bit that can be done to reduce the number of
interrupts. Modern GigE cards are capable of doing "interrupt
mitigation", whereby they will not interrupt the CPU on every packet
received, but less frequently. (Of course the network driver has to
process the entire queue when it gets an interrupt.)
One of the Linux things in this area is called NAPI, but there's also
generic IRQ mitigation separate from the NAPI patches.
Visit your host, monkey.org