Call for testing: New netmap enabled kernel

[donatom3]

With the new net map kernel sense pi doesn't detect any traffic on my interface that isn't a vlan, but it has no issues with the two interfaces that are vlans. This is in intel i211 nics.

I am also not getting any hits in suricata on that non vlan interface.

[mb]

Hi donatom3,

Is the non-vlan interface the trunk (parent) interface for the other vlan child interfaces?

[donatom3]

MB,

No the vlans were moved to their own interface.

[mb]

Ok, let's have a look at this together.

[mb]

This kernel has also support for native netmap support for vmx(4), VMware VMXNET3 Virtual Interface Controller   device.

https://svnweb.freebsd.org/base?view=revision&revision=344272

Native netmap support should yield better performance compared to the emulated driver.

Much appreciated if someone with an existing VMware deployment could test & provide feedback.

PS: Please note that you'll need to set vmxnet3.netmap_native tunable to 1  (from System: Settings: Tunables) to enable native netmap mode.

[Antaris]

Do setting vmxnet3.netmap_native require reboot to take effect?

[franco]

Hmm, where are we on this now?

We have conflicting reports on this second netmap kernel and the original merge window is approaching now (April/May) so I see potential for delay...


Cheers,
Franco

[mb]

Do setting vmxnet3.netmap_native require reboot to take effect?

Hi Antaris,

Yes, you'll need a reboot. Make sure it's in effect. Use this command:

Code Select Expand


sysctl vmxnet3.netmap_native

[mb]

Hmm, where are we on this now?

We have conflicting reports on this second netmap kernel and the original merge window is approaching now (April/May) so I see potential for delay...


Cheers,
Franco

Hi Franco,

Agreed. We need to check a few issues reported if they are to be addressed or not.

[Antaris]

Do setting vmxnet3.netmap_native require reboot to take effect?

Hi Antaris,

Yes, you'll need a reboot. Make sure it's in effect. Use this command:

Code Select Expand


sysctl vmxnet3.netmap_native

And the result:

sysctl: unknown oid 'vmxnet3.netmap_native'

I added "vmxnet3.netmap_native" in System>>Settings>>Tunables and set it to "1"

[mb]

I added "vmxnet3.netmap_native" in System>>Settings>>Tunables and set it to "1"

Antaris, by checking your configuration, looks like you you're using native netmap for vmx now.

Let me see why tunable does not show up.

[lrosenman]

I'm getting:

Code Select Expand


root@home-fw:~ # opnsense-update -bkr 19.1-netmap
Fetching base-19.1-netmap-amd64.txz: .. failed, no signature found
root@home-fw:~ # uname -a
FreeBSD home-fw.lerctr.org 11.2-RELEASE-p9-HBSD FreeBSD 11.2-RELEASE-p9-HBSD  f083bc4f8a0(stable/19.1)  amd64
root@home-fw:~ #
[code]

Is this now broken?

[mb]

Hi Irosenman,

You should now use:

Code Select Expand

opnsense-update -fbkr 19.1.4-netmap

See: https://forum.opnsense.org/index.php?topic=11477.msg55261#msg55261

[lrosenman]

should this help on em(4) devices with normal speed test type stuff? 

I'm on a protectli (https://www.protectli.com) FW1
on ATT Fiber (using https://github.com/aus/pfatt bypass for the RG).

My speeds are ~600meg/sec, but with the Ubiquiti USG I was getting 900+.

Ideas welcome...

I didn't make any changes to the config other than adding the new netmap kernel.

[franco]

I don't expect radical changes on em drivers. There's one commit we don't have yet which would suggest a considerable speedup in the IPS department, however:

https://svnweb.freebsd.org/base?view=revision&revision=345269

What remains to be seen is if this requires changes to Suricata to make use of the speedup potential.



Cheers,
Franco