Greetings OpenBSD community,
I am running into severe bandwidth limitations whilst passing traffic
through an OpenBSD firewall.
The NIC in use is an Intel 10Gb 2-port X520 adapter from which I would
hope to pass through at least 7Gbps+, yet the best results I have
gotten is only around 3.5Gbps.
The results of bandwidth measurements (iperf for 30sec, lacp trunk is
2x10 Gbps, without carp means that the IP was moved on top of VLAN
direcly):
PF+carp+isakmpd+lacp = 2.03 Gbits/sec
PF+isakmpd+lacp = 2.88 Gbits/sec
PF+lacp = 2.53 Gbits/sec
lacp = 2.90 Gbits/sec
W/O LACP single direct 10 Gbps link to OpenBSD box = 3.44 Gbits/sec
In the full setup the interface hierarchy goes like this:
ix0+ix1 > trunk0 > vlanXXX > carpXXX
System running OpenBSD:
OpenBSD 6.6 (GENERIC.MP)
PowerEdge FC430
CPU: Intel(R) Xeon(R) CPU E5-2623 v4 @ 2.60GHz
Memory: 64 GB
NIC: 10GbE 2P X520 LP PCI-e 8x Adapter - Intel 82599
Output of /var/run/dmesg.boot:
https://pastebin.com/j8SkurNM
During the testing, CPU barely saw any real usage and 64GB of memory
should be more than enough.
My guess was that it might have been due to some sort of PF limit
kicking in, but the counters did not show that and the last test
excluded PF from the interface altogether.
Tested the bandwidth also with 1, 2, 4 cores but that did not change
the results for the better (left it at 4).
Does anyone have any further ideas on what to test or check which
might give a lead to getting this situation improved?
Or if that PCIe card is simply not capable of greater bandwidths using
OpenBSD, which cards would you recommend?
I also followed this thread previously listed on openbsd-misc:
https://marc.info/?l=openbsd-misc&m=157381313901337&w=2
Even though the case seems to be very similar, I did not manage to
find a solution from that thread which would work in this case.
Thank you for your time
Best regards,
Kalle
No comments:
Post a Comment