Thanks John,
You have been most helpful.
Do you happen to have any suggestion to the following:
In my lab test with two identical Core I5 machines I created a syn flood on a gigabit switch: In the originating machine I was able to get 800k pps using one core only and that core was used at 75% with top reporting most of the consumption was at SYS, and SI almost nothing. At the recieving side the core assigned to the IRQ of the NIC was maxed with 100% SI (syn cookies was disabled).
Why is clearly so significantly expensive for the recieving side rather than the sending side to process a syn flood if they have identical hardware? Oh and btw the recieving side could only do 400k pps.
Thanks! Alex
On 05/20/2013 11:45 PM, John R Pierce wrote:
On 5/20/2013 10:24 PM, Alex Flex wrote:
We run a reverse proxy so our CPU need for that is very small, plus we get syn flooded often.. which is why we have the need to be able to load between cores, i think it is justified.
IRQ handlers are not reentrant, as the hardware can't deal with it.
you can only have one CPU thread at a time in the IRQ handler for a specific device, so you might as well just handle one device with one CPU. if you have several ethernet adapters, then I'd hope the IRQs could be distributed
one device interrupting both cores would cause a lot of trouble with hardware contention, or it would need to be all spinlocked which would make it worse, you'd be CPU bound in TWO cores in spinlocks half the time.
but again, a Server adapter like a Intel Pro1000 or whatever, something like... http://www.amazon.com/Intel-1000-Dual-Server-Adapter/dp/B000BMZHX2
will do much better than some $5 realtek junk.