SMP & Firewall

Matthias Rampke matthias.rampke at googlemail.com
Sun Feb 1 03:28:25 PST 2015


Yes. There are two resources where it will get you farther: interrupts and
states.

You will be pushing a lot of packets (=lots of interrupts to get them off
the NIC) in this setup, with a non-SMP firewall one core has to deal with
all of them. DragonFly takes great care to spread the processing as much as
possible.

With web requests you will probably have many, relatively low-volume
connections, that amounts to a lot of state the firewall/LB has to take
care of ("which backend does this packet go to"). SMP helps with the
bookkeeping.

Both of these do not degrade gracefully in my experience: you hit the limit
and performance falls off a cliff. If you can, run some load tests to know
when that happens.

/mr

On Sun, Feb 1, 2015, 03:58 Jeremy <dyre17 at gmail.com> wrote:

> Does SMP matter to a firewall?
>
> For example:  IF I was using one machine to load balance to 3 other web
> servers.  Would SMP affect how it handles traffic?
>
> -Jeremy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20150201/27ea25e2/attachment-0008.html>


More information about the Users mailing list