[Soekris] high CPU usage for network interrupts on 4801
quension at mac.com
Sun Sep 16 20:26:13 UTC 2007
On Sep 16, 2007, at 12:11 PM, Jan Hoevers wrote:
> I'm using a Soekris net4801-60 as a router, with a lan1641 in the PCI
> slot, giving me 7 ethernet ports. I'm running pfSense 1.0.1, a routing
> package based on FreeBSD 6.1 and PF.
> The NTP pool doesn't generate much traffic, but it comes in bursts of
> approximately an hour. Yesterday I was closely monitoring such a
> burst, with a bandwith of 230 kbit/sec, quite stable for about 30
> minutes. Nothing extreme for a 4801, I would say.
> It surprised me that the Soekris was running > 50% CPU, the "top"
> display revealed that it was almost entirely interrupt processing.
> This would mean that I will run into trouble with a NTP spike of 500
> kbit/sec. That surprises me because I remember posts on this list
> stating about 40 Mbit/sec throughput for a 4801.
> I've tried downloading a large file to the NTP machine at a much
> higher speed (6800 kbit/sec), which takes about 75% CPU for interrupt
> processing. I guess the small size of NTP packets is inefficient.
Yes, figures like 40Mbps are a "best case" scenario with full-size
packets. With small packets, the limiting factor is packets per
second, as each one incurs processing.
> However, this 75% is stil much higher than I would expect.
That seems a bit high to me too. What are the other 5 ethernet ports
> I've tried moving the NTP machine from an ethernet port on the 1641 to
> one on the 4801 board in an attempt to avoid the PCI bus, but it makes
> little or no difference. (Maybe I'm not avoiding the PCI bus this way,
> I'm not sure.)
You're not, it all goes over the PCI bus either way.
> I'm not a hardware or unix guru and I've run out of clues. What's
> going wrong? Is there anything I can do? Or do I see a problem that
> doesn't exist?
> Would it be better to leave pfSense and install FreeBSD and PF from
I'll let others cover FreeBSD specifically, since I haven't done any
testing with recent versions. One thing that would help is getting a
handle on what pps rates you're actually seeing, though. I don't know
if pfsense measures it, but you can get an idea with:
netstat -I sis0 -w 1
(Replace sis0 with the external interface.)
More information about the Soekris-tech