Re: [ANNOUNCE] nf-hipac v0.8 released

To:	nf@xxxxxxxxx
Subject:	Re: [ANNOUNCE] nf-hipac v0.8 released
From:	P@xxxxxxxxxxxxxx
Date:	Wed, 02 Jul 2003 15:23:30 +0100
Cc:	linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to:	<200307021548.19989.nf@xxxxxxxxx>
References:	<Pine.LNX.4.44.0307020826530.23232-100000@xxxxxxxxxx> <200307021426.56138.nf@xxxxxxxxx> <3F02D964.7050301@xxxxxxxxxxxxxx> <200307021548.19989.nf@xxxxxxxxx>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030617

Michael Bellion and Thomas Heinz wrote:

Hi Pádraig
Since real world network traffic always consists of a lot of different
sized packets taking maximum sized packets is very euphemistic. 1450 byte
packets at 950 Mbit/s correspond to approx. 80,000 packets/sec.
We are really interested in how our algorithm performs at higher packet
rates. Our performance tests are based on 100 Mbit hardware so we coudn't
test with more than approx. 80,000 packets/sec even with minimum sized
packets.
Interrupt latency is the problem here. You'll require napi et. al
to get over this hump.
Yes we know, but with 128 byte frame size you can archieve a packet rate of atmost 97,656 packets/sec (in theory) on 100 Mbit hardware. We don't think thisfew more packets would have changed the results fundamentally, so it'sprobably not worth it on 100 Mbit.

I was testing with 64 byte packets (so around 190Kpps). e100 cards atleast have a handy mode for continually sending a packet as fast aspossible. Also you can use more than one interface. So 100Mb

is very useful for testing. For the test below I was using
a rate of around 85Kpps.

Certainly you are right, that napi is required on gigabit to saturate the linkwith small sized packets.
Cool. The same sort of test with ordinary netfilter that
I did showed it could only handle around 125 rules at this
packet rate on a 1.4GHz PIII, e1000 @ 100Mb/s.

# ./readprofile -m /boot/System.map | sort -nr | head -30
  6779 total                                      0.0047
  4441 default_idle                              69.3906
   787 handle_IRQ_event                           7.0268
   589 ip_packet_match                            1.6733
   433 ipt_do_table                               0.6294
   106 eth_type_trans                             0.5521
   [...]
What do you want to show with this profile? Most of the time is spend in theidle loop and in irq handling and only a few percentage in ip_packet_matchand ipt_do_table, so we don't quite get how this matches your statementabove. Could you explain this in a few words?


Confused me too. The system would lock up and start dropping
packets after 125 rules. I.E. it would linearly degrade
as more rules were added. I'm guessing there is a fixed
interrupt overhead that is accounted for
by default_idle? Note the e1000 drivers were
left in the default config so there could definitely
be some tuning done here.

Note I changed netfilter slightly to accept promiscuous traffic
which is done in ip_rcv() and then the packets are just dropped
after the (match any in the test case) rules are traversed.

Pádraig.

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ANNOUNCE] nf-hipac v0.8 released, Pekka Savola Re: [ANNOUNCE] nf-hipac v0.8 released, Michael Bellion and Thomas Heinz Re: [ANNOUNCE] nf-hipac v0.8 released, P Re: [ANNOUNCE] nf-hipac v0.8 released, Michael Bellion and Thomas Heinz Re: [ANNOUNCE] nf-hipac v0.8 released, P <= Re: [ANNOUNCE] nf-hipac v0.8 released, Michael Bellion and Thomas Heinz

Previous by Date:	[LogReport] Error in common report (was: [LogReport] common report (was: Re: Movie)), log
Next by Date:	[LogReport] common report (was: Re: Movie), log
Previous by Thread:	Re: [ANNOUNCE] nf-hipac v0.8 released, Michael Bellion and Thomas Heinz
Next by Thread:	Re: [ANNOUNCE] nf-hipac v0.8 released, Michael Bellion and Thomas Heinz
Indexes:	[Date] [Thread] [Top] [All Lists]