SMP & Firewall

Matthias Rampke matthias.rampke at
Sun Feb 1 03:28:25 PST 2015

Yes. There are two resources where it will get you farther: interrupts and

You will be pushing a lot of packets (=lots of interrupts to get them off
the NIC) in this setup, with a non-SMP firewall one core has to deal with
all of them. DragonFly takes great care to spread the processing as much as

With web requests you will probably have many, relatively low-volume
connections, that amounts to a lot of state the firewall/LB has to take
care of ("which backend does this packet go to"). SMP helps with the

Both of these do not degrade gracefully in my experience: you hit the limit
and performance falls off a cliff. If you can, run some load tests to know
when that happens.


On Sun, Feb 1, 2015, 03:58 Jeremy <dyre17 at> wrote:

> Does SMP matter to a firewall?
> For example:  IF I was using one machine to load balance to 3 other web
> servers.  Would SMP affect how it handles traffic?
> -Jeremy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Users mailing list