Zenarmor performance expectation

[jaykumar2005]

I am running OPNsense on Lenovo P330 Intel i5-8500 CPU @ 3.00GHz, with Zenarmor Free tier, with basic default policy with few rules.

My upstream bandwidth is around 1Gbps, get around 900+mbps on interface/VLAN excluded on Zenarmor

The bandwidth I get on Zenarmor monitored VLAN doesn't exceed 650mbps at all

Is this the expected penalty of running a single core single thread zenarmor?

Did someone did a benchmark of Zenarmor performance on different CPU? What is your bandwidth perfomance with zenarmor enabled?

[sy]

Hi,

Can you share the interface type and are you using Zenarmor with Emulated Netmap driver or Native Netmap driver?

[jaykumar2005]

I am using Routed Mode (L3 Mode, Reporting + Blocking) with Emulated Netmap driver

[sy]

Hi,

Is the interface igc or? Can you share "sysctl -a | grep netmap" command output?

[jaykumar2005]

Here is the details,  igb0 is WAN (pppoe) and igb1 is LAN (pvid1/untagged), igb2 is Trunk interface with multiple tagged VLAN

I see bandwidth issue with igb1 LAN interface only

Code Select Expand

sysctl -a | grep netmap
<6>[1] igb0: netmap queues/slots: TX 6/1024, RX 6/1024
<6>[1] igb1: netmap queues/slots: TX 6/1024, RX 6/1024
<6>[1] igb2: netmap queues/slots: TX 6/1024, RX 6/1024
<6>[1] igb3: netmap queues/slots: TX 6/1024, RX 6/1024
<6>[1] em0: netmap queues/slots: TX 1/1024, RX 1/1024
[92] 913.575921 [1167] generic_netmap_attach     Emulated adapter for igb1 created (prev was igb1)
[92] 913.575934 [1068] generic_netmap_dtor       Native netmap adapter for igb1 restored
[92] 913.575941 [1072] generic_netmap_dtor       Emulated netmap adapter for igb1 destroyed
[92] 913.576009 [1167] generic_netmap_attach     Emulated adapter for igb1 created (prev was igb1)
[92] 913.829018 [ 319] generic_netmap_register   Emulated adapter for igb1 activated
[92] 913.829113 [1167] generic_netmap_attach     Emulated adapter for vlan0.40 created (prev was NULL)
[92] 913.829124 [1072] generic_netmap_dtor       Emulated netmap adapter for vlan0.40 destroyed
[92] 913.829234 [1167] generic_netmap_attach     Emulated adapter for vlan0.40 created (prev was NULL)
[92] 913.829307 [ 319] generic_netmap_register   Emulated adapter for vlan0.40 activated
device netmap
dev.netmap.iflib_rx_miss_bufs: 0
dev.netmap.iflib_rx_miss: 0
dev.netmap.iflib_crcstrip: 1
dev.netmap.max_bridges: 8
dev.netmap.bridge_batch: 1024
dev.netmap.default_pipes: 0
dev.netmap.port_numa_affinity: 0
dev.netmap.priv_buf_num: 4098
dev.netmap.priv_buf_size: 2048
dev.netmap.buf_curr_num: 1000000
dev.netmap.buf_num: 1000000
dev.netmap.buf_curr_size: 2048
dev.netmap.buf_size: 2048
dev.netmap.priv_ring_num: 4
dev.netmap.priv_ring_size: 20480
dev.netmap.ring_curr_num: 1024
dev.netmap.ring_num: 1024
dev.netmap.ring_curr_size: 36864
dev.netmap.ring_size: 36864
dev.netmap.priv_if_num: 2
dev.netmap.priv_if_size: 1024
dev.netmap.if_curr_num: 100
dev.netmap.if_num: 100
dev.netmap.if_curr_size: 1024
dev.netmap.if_size: 1024
dev.netmap.ptnet_vnet_hdr: 1
dev.netmap.generic_rings: 1
dev.netmap.generic_ringsize: 1024
dev.netmap.generic_mit: 100000
dev.netmap.generic_hwcsum: 0
dev.netmap.admode: 2
dev.netmap.fwd: 0
dev.netmap.txsync_retry: 2
dev.netmap.no_pendintr: 1
dev.netmap.no_timestamp: 0
dev.netmap.verbose: 0