Handling 100.000 packets/sec or more
From: David Gilbert (dgilbert_at_dclg.ca)
Date: 01/14/04
- Previous message: Crist J. Clark: "Re: Routing Networks"
- In reply to: Adrian Penisoara: "Handling 100.000 packets/sec or more"
- Next in thread: Sten Daniel Sørsdal: "RE: Handling 100.000 packets/sec or more"
- Maybe reply: Sten Daniel Sørsdal: "RE: Handling 100.000 packets/sec or more"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 14 Jan 2004 15:56:39 -0500 To: Adrian Penisoara <ady@freebsd.ady.ro>
>>>>> "Adrian" == Adrian Penisoara <ady@freebsd.ady.ro> writes:
Adrian> Hi, At one site that I administer we have a gateway server
Adrian> which services a large SOHO LAN (more than 300 stations) and
Adrian> I'm facing a serious issue: very often we see strong spoofed
Adrian> floods (variable source IP and port, variable destination IP,
Adrian> destination port 80) which can go as far as 100 000
Adrian> packets/sec!
Adrian> Of course, the server (FreeBSD 5.2-REL, PIII 733Mhz, 256Mb
Adrian> RAM, 3COM 3C905B-TX aka xl0 with checksum offloading support)
Adrian> has a hard time swallowing this kind of traffic. The main
Adrian> issue are the IRQ interrupts: over 15000 interrupts/sec which
Adrian> consume more than 90% of the CPU time. We got ingress
Adrian> filtering so the packets go no further than the firewall
Adrian> (which, BTW, is not the issue, even disabling it it's the same
Adrian> problem). The system is still responsive but the load average
Adrian> goes as high as 10 and the interface is losing packets (input
Adrian> errors) which dramatically affects legitimate traffic, besides
Adrian> mbuf(9) starvation. We are taking down the culprit clients,
Adrian> but this takes time and we need the other clients not to be
Adrian> affected by it.
Adrian> What can I do to make the system better handle this kind of
Adrian> traffic ? Could device polling(8) or just increasing the
Adrian> kernel frequency clock to 1000Hz or more improve the situation
Adrian> ? What kind of network cards could face a lot better this
Adrian> burden ? Are there any other solutions ?
Adrian> On a side note: what would be a adequate formula to
Adrian> calculate the NMBCLUSTERS and MBUFS we should set on this
Adrian> server (via boot-time kern.ipc.nmbclusters and
Adrian> kern.ipc.nmbufs) ?
In our experience, switch to fxp ethernet cards, test several
motherboards and enable polling.
fxp and em cards appear to have the best performance ... outrunning
other cards by a fair margin.
Different motherboards have several orders of magnitude different
performance with the same processor.
Polling (as others have mentioned) roughly doubles the throughput of a
server and eliminates live lock.
Dave.
-- ============================================================================ |David Gilbert, Independent Contractor. | Two things can only be | |Mail: dave@daveg.ca | equal if and only if they | |http://daveg.ca | are precisely opposite. | =========================================================GLO================ _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: Crist J. Clark: "Re: Routing Networks"
- In reply to: Adrian Penisoara: "Handling 100.000 packets/sec or more"
- Next in thread: Sten Daniel Sørsdal: "RE: Handling 100.000 packets/sec or more"
- Maybe reply: Sten Daniel Sørsdal: "RE: Handling 100.000 packets/sec or more"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
