Prev: tools to monitor network traffic from the server side
Next: jitter acceptable values in a LAN
From: Mark on 27 Jul 2010 22:29
Hello,

we're designing SOHO router based on MIPS processor, wired up with 24-ports
switch. The CPU runs NAT (configured with iptables), iptables rules, dhcp
etc. it doesn't have any H/W acceleration for these functions. When testing
NAT in full-mesh mode (i.e. one WAN port and others are LAN port), we
observe the significant system's slowdown, especially console responds very
slowly, and there is also packets loss.
The 'top' shows that ksoftirqd consumes over 80% of CPU.

What can be the reason of such behaviour? As I know Linux NAT runs in kernel
space, so it should not be a problem of context switching?

--
Mark

From: David Schwartz on 28 Jul 2010 19:04
On Jul 27, 7:29 pm, "Mark" <mark_cruzNOTFORS...(a)hotmail.com> wrote:

> we're designing SOHO router based on MIPS processor, wired up with 24-ports
> switch. The CPU runs NAT (configured with iptables), iptables rules, dhcp
> etc. it doesn't have any H/W acceleration for these functions. When testing
> NAT in full-mesh mode (i.e. one WAN port and others are LAN port), we
> observe the significant system's slowdown, especially console responds very
> slowly, and there is also packets loss.
> The 'top' shows that ksoftirqd consumes over 80% of CPU.
>
> What can be the reason of such behaviour? As I know Linux NAT runs in kernel
> space, so it should not be a problem of context switching?

It sounds like the CPU just doesn't have the horsepower to do all the
tasks it is doing. How many packets per second, and how many
connections, are you NATing? What MIPS processor is this?

DS
From: Jorgen Grahn on 9 Aug 2010 15:34
["Followup-To:" header set to comp.os.linux.networking.]
On Wed, 2010-07-28, Mark wrote:
> Hello,
>
> we're designing SOHO router based on MIPS processor, wired up with 24-ports
> switch. The CPU runs NAT (configured with iptables), iptables rules, dhcp
> etc. it doesn't have any H/W acceleration for these functions. When testing
> NAT in full-mesh mode (i.e. one WAN port and others are LAN port), we
> observe the significant system's slowdown, especially console responds very
> slowly, and there is also packets loss.
> The 'top' shows that ksoftirqd consumes over 80% of CPU.

Get the mpstat(1) command and check the output from mpstat -P ALL <n>
to get a different view of it (or check the files in /proc which give
you the same info, except in raw form).

mpstat(1) is part of the sar package, I think.

> What can be the reason of such behaviour? As I know Linux NAT runs in kernel
> space, so it should not be a problem of context switching?

/Jorgen

--
// Jorgen Grahn <grahn@ Oo o. . .
\X/ snipabacken.se> O o .
 | 
Pages: 1
Prev: tools to monitor network traffic from the server side
Next: jitter acceptable values in a LAN