David Gwynne [da...@gwynne.id.au] wrote: > the main change here is to move pf_purge out from under the kernel lock. > > another part of the change is to limit the amount of work the state > purging does to avoid hogging a cpu too much, and to also avoid holding > NET_LOCK for too long. >
I've been running this on my "CGN" pfsync cluster (~500k states) and it seems to be stable so far. With NET_TASKQ=4 on a 4 CPU box, I see mostly 3 cores taxed and not 4. If I go to NET_TASKQ=8 on a 10 CPU box, I see 5 and sometimes 6 cores taxed. Since I'm using pfsync, there is always one net taskq that is much busier than the rest, so my results may be a little skewed. Chris
