On 2021-07-22, Sebastian Benoit <[email protected]> wrote: > Christopher Sean Hilton([email protected]) on 2021.07.21 14:20:58 -0400: >> I have a packet filtering bridge running on PF and OpenBSD 6.8. My >> hardware is a SuperMicro Atom D525 service with dual Intel Gigabit >> Nics. I've added a second dual Intel card in a PCIe slot. > > I have used this hardware in the past (5-6 years ago). As far as i can > remember you cannot get it much faster. If i remember correctly, routing > was even less. > >> When I run iPerf across this bridge, I max out at about 550Mbit/s. I'm >> running systat on the bridge. At peak load, I'm seeing 1500 ~ 1700 >> interrupts per second for each interface in the bridge via systat. >> >> I'm noticing similar limitations from another OpenBSD 6.8 firewall >> that I run. This is an Atom C2758 machine. And in this case, I'm >> getting about 650 ~ 700 Mbit/s from the slightly faster hardware. >> >> My questions are: >> >> * Where should I be looking for the bottleneck on this problem? > > The IO paths of those Atoms are slow. Disk IO is also lacking.
The D525, yes. The C2758 should cope with much more than 650-700Mb/s though maybe not with OpenBSD as-is, they're not as good as the Xeon D (especially single-threaded performance) but they are still pretty capable. If I was running into a performance wall with C2758 I'd add a NIC with a driver that already supports multiple queues (ix is probably most common, em doesn't have this yet) and see gow things go with the "forwarding in parallel" diffs over on tech@.
