local = German? I can ask my boss is the company is willing to test such a device ..
I ordered this via company, no tax, so only 160EURhttps://www.amazon.de/PC-Engines-APU-2C4-Netzteil-schwarzes/dp/B01GEIEI7M
Quote from: mimugmail on August 09, 2018, 04:16:00 pmhttps://calomel.org/freebsd_network_tuning.html# Disable Hyper Threading (HT), also known as Intel's proprietary simultaneous# multithreading (SMT) because implementations typically share TLBs and L1# caches between threads which is a security concern. SMT is likely to slow# down workloads not specifically optimized for SMT if you have a CPU with more# than two(2) real CPU cores. Secondly, multi-queue network cards are as much# as 20% slower when network queues are bound to real CPU cores and well as SMT# virtual cores due to interrupt processing inefficiencies.machdep.hyperthreading_allowed="0" # (default 1, allow Hyper Threading (HT))# Intel igb(4): The Intel i350-T2 dual port NIC supports up to eight(# input/output queues per network port, the card has two(2) network ports.## Multiple transmit and receive queues in network hardware allow network# traffic streams to be distributed into queues. Queues can be mapped by the# FreeBSD network card driver to specific processor cores leading to reduced# CPU cache misses. Queues also distribute the workload over multiple CPU# cores, process network traffic in parallel and prevent network traffic or# interrupt processing from overwhelming a single CPU core.## http://www.intel.com/content/dam/doc/white-paper/improving-network-performance-in-multi-core-systems-paper.pdf## For a firewall under heavy CPU load we recommend setting the number of# network queues equal to the total number of real CPU cores in the machine# divided by the number of active network ports. For example, a firewall with# four(4) real CPU cores and an i350-T2 dual port NIC should use two(2) queues# per network port (hw.igb.num_queues=2). This equals a total of four(4)# network queues over two(2) network ports which map to to four(4) real CPU# cores. A FreeBSD server with four(4) real CPU cores and a single network port# should use four(4) network queues (hw.igb.num_queues=4). Or, set# hw.igb.num_queues to zero(0) to allow the FreeBSD driver to automatically set# the number of network queues to the number of CPU cores. It is not recommend# to allow more network queues than real CPU cores per network port.## Query total interrupts per queue with "vmstat -i" and use "top -CHIPS" to# watch CPU usage per igb0:que. Multiple network queues will trigger more total# interrupts compared to a single network queue, but the processing of each of# those queues will be spread over multiple CPU cores allowing the system to# handle increased network traffic loads.hw.igb.num_queues="2" # (default 0 , queues equal the number of CPU real cores)# Intel igb(4): FreeBSD puts an upper limit on the the number of received# packets a network card can process to 100 packets per interrupt cycle. This# limit is in place because of inefficiencies in IRQ sharing when the network# card is using the same IRQ as another device. When the Intel network card is# assigned a unique IRQ (dmesg) and MSI-X is enabled through the driver# (hw.igb.enable_msix=1) then interrupt scheduling is significantly more# efficient and the NIC can be allowed to process packets as fast as they are# received. A value of "-1" means unlimited packet processing and sets the same# value to dev.igb.0.rx_processing_limit and dev.igb.1.rx_processing_limit . A# process limit of "-1" is around one(1%) percent faster than "100" on a# saturated network connection.hw.igb.rx_process_limit="-1" # (default 100 packets to process concurrently)I have also went through this. No measurable improvement in throughput.machdep.hyperthreading_allowed="0" # (default 1, allow Hyper Threading (HT)) --> NOT APPLICABLE to my case. This AMD CPU has 4 physical cores, and sysctl hw.ncpu --> 4, so HT (even if supported, I am not sure) is not active currently.hw.igb.num_queues="2" # (default 0 , queues equal the number of CPU real cores)--> I have 4 cores, 2 active NIC, each NIC supports up to 4 queues. I used by defaulthw.igb.num_queues="0", but tried it with hw.igb.num_queues="2" as well.No improvement in throughput (for single-flow).But! It seems degraded the multi-flow performance heavily.hw.igb.enable_msix=1 was like that since the beginninghw.igb.rx_process_limit="-1" --> was set, but no real improvement in throughputdev.igb.0.rx_processing_limit and dev.igb.1.rx_processing_limit is both set to "-1" as per previous entry didI am very sad that this wont be solveable under Opnsense without switching to competitors or switching the hardware itself.
https://calomel.org/freebsd_network_tuning.html# Disable Hyper Threading (HT), also known as Intel's proprietary simultaneous# multithreading (SMT) because implementations typically share TLBs and L1# caches between threads which is a security concern. SMT is likely to slow# down workloads not specifically optimized for SMT if you have a CPU with more# than two(2) real CPU cores. Secondly, multi-queue network cards are as much# as 20% slower when network queues are bound to real CPU cores and well as SMT# virtual cores due to interrupt processing inefficiencies.machdep.hyperthreading_allowed="0" # (default 1, allow Hyper Threading (HT))# Intel igb(4): The Intel i350-T2 dual port NIC supports up to eight(# input/output queues per network port, the card has two(2) network ports.## Multiple transmit and receive queues in network hardware allow network# traffic streams to be distributed into queues. Queues can be mapped by the# FreeBSD network card driver to specific processor cores leading to reduced# CPU cache misses. Queues also distribute the workload over multiple CPU# cores, process network traffic in parallel and prevent network traffic or# interrupt processing from overwhelming a single CPU core.## http://www.intel.com/content/dam/doc/white-paper/improving-network-performance-in-multi-core-systems-paper.pdf## For a firewall under heavy CPU load we recommend setting the number of# network queues equal to the total number of real CPU cores in the machine# divided by the number of active network ports. For example, a firewall with# four(4) real CPU cores and an i350-T2 dual port NIC should use two(2) queues# per network port (hw.igb.num_queues=2). This equals a total of four(4)# network queues over two(2) network ports which map to to four(4) real CPU# cores. A FreeBSD server with four(4) real CPU cores and a single network port# should use four(4) network queues (hw.igb.num_queues=4). Or, set# hw.igb.num_queues to zero(0) to allow the FreeBSD driver to automatically set# the number of network queues to the number of CPU cores. It is not recommend# to allow more network queues than real CPU cores per network port.## Query total interrupts per queue with "vmstat -i" and use "top -CHIPS" to# watch CPU usage per igb0:que. Multiple network queues will trigger more total# interrupts compared to a single network queue, but the processing of each of# those queues will be spread over multiple CPU cores allowing the system to# handle increased network traffic loads.hw.igb.num_queues="2" # (default 0 , queues equal the number of CPU real cores)# Intel igb(4): FreeBSD puts an upper limit on the the number of received# packets a network card can process to 100 packets per interrupt cycle. This# limit is in place because of inefficiencies in IRQ sharing when the network# card is using the same IRQ as another device. When the Intel network card is# assigned a unique IRQ (dmesg) and MSI-X is enabled through the driver# (hw.igb.enable_msix=1) then interrupt scheduling is significantly more# efficient and the NIC can be allowed to process packets as fast as they are# received. A value of "-1" means unlimited packet processing and sets the same# value to dev.igb.0.rx_processing_limit and dev.igb.1.rx_processing_limit . A# process limit of "-1" is around one(1%) percent faster than "100" on a# saturated network connection.hw.igb.rx_process_limit="-1" # (default 100 packets to process concurrently)
You mean IPFire on the same hardware?
