Using more than one core

Started by Tupsi, August 22, 2021, 03:30:57 PM

I recently got a new internet connection, upgrading from 50/10 to 1000/500. The joy only lasted as long as it took to test the new connection with my OPNsense firewall, which ended up at around 500/500 instead of the 1000/500 in Speedtest. After plugging in my PC directly to verify that I indeed got what I ordered, I went back to my firewall only to find out that during heavy traffic load only one of the four CPU cores gets used, at 100%, most likely resulting in the poor result. It gets worse when I enable IDS (naturally), as the result seems the same: everything is handled by only one core.

So the question is: can I change some settings to offload parts of the load to one of the other three cores, or is that kind of basic network traffic always limited to using only one core (and would I have to get faster hardware as a result)? (I already tried the hardware offloading options in the interface settings, but this does not change anything. The only impact I see is enabling IDS, which drives it even further down to like 250/400.)


Set this tunable and reboot: net.isr.maxthreads="-1"
In theory there is no difference between theory and practice. In practice there is.
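A way to verify that the tunable above actually took effect after the reboot, as an added example that is not part of the thread: the script below reads the FreeBSD netisr sysctls and compares the number of netisr threads really started (net.isr.numthreads, which is read-only) against the CPU count. It assumes the standard FreeBSD sysctl names net.isr.maxthreads, net.isr.numthreads and net.isr.dispatch; the function name netisr_report and the sample sysctl output are our own constructions, not output from the poster's box.

```shell
#!/bin/sh
# Added example (not from the thread): check whether the net.isr.maxthreads
# tunable has taken effect after the reboot.
# Assumes the FreeBSD sysctls net.isr.maxthreads, net.isr.numthreads and
# net.isr.dispatch; the function name netisr_report is our own.

# netisr_report NCPU: reads `sysctl net.isr` output on stdin and prints one
# verdict line. numthreads is the read-only count of netisr threads actually
# started, so that is the value to compare against the CPU count.
netisr_report() {
    awk -F': ' -v ncpu="$1" '
        $1 == "net.isr.maxthreads" { max  = $2 }
        $1 == "net.isr.numthreads" { num  = $2 }
        $1 == "net.isr.dispatch"   { disp = $2 }
        END {
            if (num == "" || max == "") {
                print "netisr: sysctls not found"
                exit
            }
            if (num + 0 < ncpu + 0) {
                # Tunable not applied, or applied but the box was not rebooted yet.
                printf "netisr: %d of %d threads; set net.isr.maxthreads=-1 and reboot\n", num, ncpu
            } else {
                # Threads are there; whether inbound traffic reaches them depends on dispatch.
                printf "netisr: %d of %d threads; dispatch=%s\n", num, ncpu, disp
            }
        }'
}

# Live use on the firewall:
#   sysctl net.isr | netisr_report "$(sysctl -n hw.ncpu)"

# Constructed samples (not real output from the poster's box) for a dry run.
SAMPLE_BEFORE='net.isr.dispatch: direct
net.isr.maxthreads: 1
net.isr.numthreads: 1
net.isr.bindthreads: 0'
SAMPLE_AFTER='net.isr.dispatch: direct
net.isr.maxthreads: 4
net.isr.numthreads: 4
net.isr.bindthreads: 0'

printf '%s\n' "$SAMPLE_BEFORE" | netisr_report 4
printf '%s\n' "$SAMPLE_AFTER"  | netisr_report 4
```

One caveat worth keeping in mind when reading the second verdict line: net.isr.dispatch defaults to direct on FreeBSD, which means an inbound packet is processed on the core that handled the NIC's receive interrupt, and the netisr threads only pick up deferred work. On a NIC with a single receive queue, one core can therefore stay saturated even with four netisr threads running, which is consistent with the "no change" report that follows. `netstat -Q` shows the per-CPU netisr queue counters and makes that imbalance visible.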

No change. The download test is still a flat 100% CPU, resulting in a little less than 500 Mbit, while the upload seems to get the max out of the line, as it's above the guaranteed 500 Mbit (520) with around 84% on a single core.

Strange. What hardware are you using? Virtualised or bare metal?
In theory there is no difference between theory and practice. In practice there is.

When you say IDS you mean IPS? If yes there are a number of recent threads that are worth a read. I'll gladly send them over if that is the case.


Cheers,
Franco

Quote from: dinguz on August 22, 2021, 05:33:17 PM
Strange. What hardware are you using? Virtualised or bare metal?
It's bare metal with 4 NICs and a Celeron J1900 CPU (1.99 GHz, 4 cores).


Quote from: franco on August 22, 2021, 07:54:24 PM
When you say IDS you mean IPS? If yes there are a number of recent threads that are worth a read. I'll gladly send them over if that is the case.

Yes, I meant Suricata. I totally understand that enabling that costs performance, so that's why I disabled it for now, but I still have the results I talked about above. My hunch is that this hardware I bought is just of bad design and just can't handle any more, which is odd, since I already learned that an old FritzBox 7490 can handle that connection just fine (if we just talk hardware). I was under the assumption (illusion?) that a Celeron with 4 cores should be able to handle a Gbit connection from one NIC to another, even with a few iptables rules in the way.

Is there a way I can just benchmark network speed from one NIC to another from the shell? Like em0 to em3 or something?