* 10GbE Connectivity & Netfilter
@ 2012-03-13 13:22 Tarkan Erimer
2012-03-13 14:02 ` Jan Engelhardt
0 siblings, 1 reply; 5+ messages in thread
From: Tarkan Erimer @ 2012-03-13 13:22 UTC (permalink / raw)
To: netfilter-devel
Hi all,
I have some questions regarding to 10GbE connectivity with
netfilter/iptables. I searched on google. But didn't find anything to
make a clear conclusion. Most of the results were just confusing,
conflicting with some others or quite outdated. So, I've decided to
write here to get best possible answers by its developers' mouth :-)
So, before asking my questions, here are the some details regarding to
the questioned environment :
- 10GbE NIC connectivity with the same speed direct Internet
(10Gbit/sec) connection.
- 350.000 - 400.000 packets/sec. inspections/forwarding in some peak
loads (it happens frequently. So, safe to say that it's average load
most of the time.)
- In peak times, there is 7-8 Gbit/sec. traffic. Average is around 5
Gbit/sec.
- Server has plenty of RAM and CPU/Cores. (Don't remember the exact
configs now.)
My questions :
1- Is netfilter subsystem multi-threaded/multi-core enabled ? So that,
it can spread the loads across the CPUs/Cores.
2- Can it handle such loads consistently (without any
issues/bottlenecks) as I've mentioned above ?
3- Is there any performance matrix and/or practical examples to see ?
4- What kind of netfilter/kernel configs recommended for such a load ?
Many Thanks In Advance For Your Valuable Answers!
Cheers.
Tarkan
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: 10GbE Connectivity & Netfilter
2012-03-13 13:22 10GbE Connectivity & Netfilter Tarkan Erimer
@ 2012-03-13 14:02 ` Jan Engelhardt
2012-03-13 14:10 ` Thomas Jarosch
2012-03-14 7:21 ` Tarkan Erimer
0 siblings, 2 replies; 5+ messages in thread
From: Jan Engelhardt @ 2012-03-13 14:02 UTC (permalink / raw)
To: Tarkan Erimer; +Cc: netfilter-devel
On Tuesday 2012-03-13 14:22, Tarkan Erimer wrote:
>
> 1- Is netfilter subsystem multi-threaded/multi-core enabled ? So that, it can
> spread the loads across the CPUs/Cores.
Like most kernel subsystems, it is.
> 2- Can it handle such loads consistently (without any issues/bottlenecks) as
> I've mentioned above ?
Question is more like, can your hardware handle it.
> 4- What kind of netfilter/kernel configs recommended for such a load ?
Does not really matter.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: 10GbE Connectivity & Netfilter
2012-03-13 14:02 ` Jan Engelhardt
@ 2012-03-13 14:10 ` Thomas Jarosch
2012-03-14 7:22 ` Tarkan Erimer
2012-03-14 7:21 ` Tarkan Erimer
1 sibling, 1 reply; 5+ messages in thread
From: Thomas Jarosch @ 2012-03-13 14:10 UTC (permalink / raw)
To: netfilter-devel; +Cc: Tarkan Erimer
On Tuesday, 13. March 2012 15:02:13 Jan Engelhardt wrote:
> > 1- Is netfilter subsystem multi-threaded/multi-core enabled ? So that,
> > it can spread the loads across the CPUs/Cores.
>
> Like most kernel subsystems, it is.
>
> > 2- Can it handle such loads consistently (without any
> > issues/bottlenecks) as I've mentioned above ?
>
> Question is more like, can your hardware handle it.
On that note, Holger Eitzenberger's irqd might be worth a look:
https://github.com/vaesoo/irqd#readme
http://workshop.netfilter.org/2011/wiki/images/6/69/Nfws2011-multiqueue-and-rps.pdf
Thomas
--
Address (better: trap) for people I really don't want to get mail from:
hubert.farnsworth@cactusamerica.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: 10GbE Connectivity & Netfilter
2012-03-13 14:02 ` Jan Engelhardt
2012-03-13 14:10 ` Thomas Jarosch
@ 2012-03-14 7:21 ` Tarkan Erimer
1 sibling, 0 replies; 5+ messages in thread
From: Tarkan Erimer @ 2012-03-14 7:21 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter-devel@vger.kernel.org
On 03/13/2012 04:02 PM, Jan Engelhardt wrote:
> On Tuesday 2012-03-13 14:22, Tarkan Erimer wrote:
>> 1- Is netfilter subsystem multi-threaded/multi-core enabled ? So that, it can
>> spread the loads across the CPUs/Cores.
> Like most kernel subsystems, it is.
>
>> 2- Can it handle such loads consistently (without any issues/bottlenecks) as
>> I've mentioned above ?
> Question is more like, can your hardware handle it.
>
>> 4- What kind of netfilter/kernel configs recommended for such a load ?
> Does not really matter.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Thanks very much for your answers.
Cheers,
Tarkan
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: 10GbE Connectivity & Netfilter
2012-03-13 14:10 ` Thomas Jarosch
@ 2012-03-14 7:22 ` Tarkan Erimer
0 siblings, 0 replies; 5+ messages in thread
From: Tarkan Erimer @ 2012-03-14 7:22 UTC (permalink / raw)
To: Thomas Jarosch; +Cc: netfilter-devel@vger.kernel.org
On 03/13/2012 04:10 PM, Thomas Jarosch wrote:
> On Tuesday, 13. March 2012 15:02:13 Jan Engelhardt wrote:
>>> 1- Is netfilter subsystem multi-threaded/multi-core enabled ? So that,
>>> it can spread the loads across the CPUs/Cores.
>> Like most kernel subsystems, it is.
>>
>>> 2- Can it handle such loads consistently (without any
>>> issues/bottlenecks) as I've mentioned above ?
>> Question is more like, can your hardware handle it.
> On that note, Holger Eitzenberger's irqd might be worth a look:
> https://github.com/vaesoo/irqd#readme
>
> http://workshop.netfilter.org/2011/wiki/images/6/69/Nfws2011-multiqueue-and-rps.pdf
>
> Thomas
>
Hmmm... Really interesting documents. Definitely, what I was looking for!
Thanks a lot!
Cheers,
Tarkan
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2012-03-14 7:23 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-03-13 13:22 10GbE Connectivity & Netfilter Tarkan Erimer
2012-03-13 14:02 ` Jan Engelhardt
2012-03-13 14:10 ` Thomas Jarosch
2012-03-14 7:22 ` Tarkan Erimer
2012-03-14 7:21 ` Tarkan Erimer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).