[j-nsp] Whitebox 10Gb/s capture challenge
Jonathan Lassoff
jof at thejof.com
Thu Jan 12 13:28:29 EST 2012
On Thu, Jan 12, 2012 at 10:20 AM, Drew Weaver <drew.weaver at thenap.com> wrote:
> Everyone pointed out really good notes here as well but as far as I know and this may have changed recently but if you do the 10Gbps / smallest possible packet size you'll crush the CPU before it ever gets anywhere near the disks.
I believe that this observation will depend heavily on the software in
use to communicate with your NIC. Certainly if your card is generating
interrupts per-packet, your system would be crushed under the load of
constantly switching contexts. However, with drivers that support
multiple ring buffers for reception (and especially those that are
thread-safe and can split the load across CPU cores), it's possible to
scale out a single "system" to handle even very high PPS loads.
Where this falls down in practice though is that some of the other
features in the kernel do not split their load across cores as cleanly
(netfilter/iptables included).
Still... if you have the means, using a capturing appliance can really
help ease this pain and frees you to worry about other portions of
your application.
--j
More information about the juniper-nsp
mailing list