English Forums > Intrusion Detection and Prevention

Performance tuning for IPS maximum performance

<< < (2/22) > >>

mimugmail:
Are you really sure the FC values did the trick and not the others?
Normally FC will influence your network badly with TCP .. and most switches doesn't support it either (in both directions).

Would be really interesting, I never did any testing on BSD :)

dcol:
Actually I am in the process to figure out how to determine if flow control is enabled or not on a device. Unfortunately ethtool is not part of the distro, so I cannot figure it out yet. Would be nice to have ethtool available as an add-on package.

The command 'ethtool --show-pause igb0' would show if RX or TX was off (no FC) or on (FC enabled).

For me, when FC is enabled on the WAN the link crashes a lot. I spoke with the ISP and they confirmed that there is no FC on the bridged connection.

Most modern unmanaged switches do support flow control, 802.3x, and it is selectable on managed switches and most NIC's.

Also, if you look at the netmap documentation it suggests that flow control can negatively affect performance.
https://www.freebsd.org/cgi/man.cgi?query=netmap&sektion=4#end

franco:

--- Quote from: dcol on December 08, 2017, 11:04:01 pm ---Actually I am in the process to figure out how to determine if flow control is enabled or not on a device. Unfortunately ethtool is not part of the distro, so I cannot figure it out yet. Would be nice to have ethtool available as an add-on package.
--- End quote ---

Not aware of a FreeBSD sibling here, sorry. :(

Old mailing list threads only suggest sysctl like you found:

https://lists.freebsd.org/pipermail/freebsd-net/2012-July/032868.html


Cheers,
Franco

Noctur:
Thank you dcol for doing this work and sharing...

Does anyone know or has anyone tried this function with em NICs/drivers? No igb in my box, but I'd like test.

TIA

dcol:
The following settings will work for the em driver

Put in loader.conf.local
# Flow Control (FC) 0=Disabled 1=Rx Pause 2=Tx Pause 3=Full FC
# This setting must be set according to your configuration. VERY IMPORTANT!
# Set FC to 0(<x>) on every interfaces used by IPS
hw.em.<x>.fc=0 - Also put in System Tunables hw.em.<x>.fc: value=0

hw.em.rx_process_limit=-1
hw.em.enable_msix=1
hw.em.txd=2048
hw.em.rxd=2048
net.link.ifqmaxlen="4096"

Put in Settings>System Tunables
hw.em.eee_setting:  value=0
dev.em.<x>.eee_control: value=0 # replace <x> with interface#, repeat for all installed ports

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version