From mboxrd@z Thu Jan 1 00:00:00 1970 From: Derek Sims Date: Mon, 19 Nov 2007 17:55:20 +0000 Subject: Re: [LARTC] Which CPU for heavy traffic with much filtering/shaping? Message-Id: <4741CE08.8020506@interdart.co.uk> List-Id: References: <47415A73.9020107@interdart.co.uk> In-Reply-To: <47415A73.9020107@interdart.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org Marek Kierdelewicz wrote: >> Hi >> > > Hi > > >> I have a router with a large number of iptables rules and some >> extensive traffic shaping (HTB + RED + ... ) + conntrack. >> > > Performance boost tips: > > - Use "set" module instead of sequential iptables rules. It can lower > cpu usage. > Hmm - I don't know what the "set" module is - can you point me to some documentation please? > - Use hashing filters for shaping if you're using many u32 filters. > Only 3 > - configure conntrack to use bigger hashsize for better performance; > i'm passing following parameter to kernel in grub to achieve this: > ip_conntrack.hashsize48575 > > I have 64k in conntrack_max and hashsize of 16000 Currently running with about 20000 conntrack connections I will try increasing this > - configure routecache to use bigger to use more memory for better > performance; i'm passing following parameter to kernel in grub to > achieve this: rhash_entries$00000 > > >> 1. What processors should I be looking for in order to achieve the >> best routing throughput on a linux router? >> > > I've had good experiences with P4 (with and without HT), Athlon64, Xeon > [dempsey], Xeon [woodcrest]. The last one is the best choice because of > the large cache and architecture. I think you can use Core 2 Duo too > if you want to save some money. > > Thanks - I will see what I can get >> 2. Is it true that multicore processors will not help much in this >> situation? >> > > Not true. In your setup with two nics with same load you can easily use > two cores. You can assign each nic to different core by the means of > smp_affinity setting in /proc/irq/... or by using irqbalance daemon. > > That is good news :) - however I guess 4 core with dual ethernet would not help very much! >> Best regards, >> Derek >> > > pozdrawiam > Marek Kierdelewicz > KoBa ISP > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > Best regards, Derek _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc