Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision |
documentation:examples:dropping_packets_at_high_rate [2020/02/07 16:36] – [Performance impact] olivier | documentation:examples:dropping_packets_at_high_rate [2020/02/12 19:52] – [NIC level configuration] olivier |
---|
- First rule is to deny a blacklist table (IP addresses) | - First rule is to deny a blacklist table (IP addresses) |
- Second rule is to allow all the rest | - Second rule is to allow all the rest |
- Disable the outgoing [[https://www.freebsd.org/cgi/man.cgi?query=pfil&apropos=0&sektion=0&manpath=FreeBSD+12.1-RELEASE+and+Ports&arch=default&format=html|pfil(9)]] hook at IP level because we don't need to filter outgoing traffic | - Disable the outgoing [[https://www.freebsd.org/cgi/man.cgi?query=pfil&apropos=0&sektion=0&manpath=FreeBSD+12.1-RELEASE+and+Ports&arch=default&format=html|pfil(9)]] hook at IP level because we don't need to filter outgoing traffic in this case |
| |
<code> | <code> |
</code> | </code> |
==== NIC level configuration ==== | ==== NIC level configuration ==== |
(A FreeBSD 13 / head) only feature. | ** A FreeBSD 13 (-head) only feature.** |
| |
Currently the [[https://svnweb.freebsd.org/changeset/base/343631|Pfil Memory Pointer Hooks]] feature is supported by [[https://svnweb.freebsd.org/changeset/base/346632|iflib]], [[https://svnweb.freebsd.org/changeset/base/356613|vtnet]], [[https://svnweb.freebsd.org/changeset/base/346247|Mellanox]] and [[https://svnweb.freebsd.org/changeset/base/357483|Chelsio]] drivers. | Currently the [[https://svnweb.freebsd.org/changeset/base/343631|Pfil Memory Pointer Hooks]] feature is supported by [[https://svnweb.freebsd.org/changeset/base/346632|iflib]], [[https://svnweb.freebsd.org/changeset/base/356613|vtnet]], [[https://svnweb.freebsd.org/changeset/base/346247|Mellanox]] and [[https://svnweb.freebsd.org/changeset/base/357483|Chelsio]] drivers. |
</code> | </code> |
| |
==== Performance impact ==== | ==== Performance benches ==== |
| |
Hardware: | Hardware: |
</code> | </code> |
| |
To improve the TCAM performance for a filtering usage, all unused "regions" will be disabled to kept only the route and filter. | To improve the TCAM performance for a filtering usage, all unused "regions" will be disabled to kept only the route and filter (32 entries for route + 2016 for filter = 2048 total). |
| |
For that we need to download a [[https://svnweb.freebsd.org/base/head/sys/dev/cxgbe/firmware/t5fw_cfg_hashfilter.txt?view=co|default TCAM firmware configuration file for our T5 NIC]] to modify its parameters then load the modified configuration into the NIC flash and instruct the NIC to use the file from its flash. | For that we need to download a [[https://svnweb.freebsd.org/base/head/sys/dev/cxgbe/firmware/t5fw_cfg_hashfilter.txt?view=co|default TCAM firmware configuration file for our T5 NIC]] to modify its parameters then load the modified configuration into the NIC flash and instruct the NIC to use the file from its flash. |