Hello

>I have a single OUTPUT rule (drop a particular UDP host:port) that
>...
>My 8 cores are all at about 30% usage when I have no rules defined
>(and the packets are going out to the switch). When I add that rule,
>one of the cores shoots to 100%, another to 70% or so. The rest don't
>really change. Looks like two cores are being hit by ksoftirqd.

There are some paths you can explore to achieve lower CPU usage/better
core-load distribution:
- try using smp_affinity - bind different NIC IRQs to different cores;
  you can also use bonding to achieve better traffic distribution among
  NICs;
- are you using Intel I/O AT DMA support? It should lower network
  overhead for locally generated traffic;
- try adjusting NIC coalesce parameters - it should lower network CPU
  overhead at the cost of higher latency;

Cheers
Marek Kierdelewicz
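
The smp_affinity suggestion above, sketched as an added example that is not part of the original message: it reads a table in /proc/interrupts layout and prints a round-robin CPU mask for each IRQ of one NIC, without changing anything. The interface name eth0, the IRQ numbers and the sample table are constructed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: plan a round-robin smp_affinity layout for one NIC's IRQs.
# It only prints "IRQ MASK NAME" lines; applying a mask is a separate step
# done as root: echo MASK > /proc/irq/IRQ/smp_affinity

# Constructed sample in /proc/interrupts layout (4 CPUs, hypothetical queues).
# Two busy eth0 queues sit on CPU0, the kind of skew that pins one core.
sample_interrupts() {
cat <<'EOF'
           CPU0       CPU1       CPU2       CPU3
  0:        120          0          0          0   IO-APIC-edge      timer
 64:    9182734          0          0          0   PCI-MSI-edge      eth0-TxRx-0
 65:    8812001          0          0          0   PCI-MSI-edge      eth0-TxRx-1
 66:         12    7734110          0          0   PCI-MSI-edge      eth0-TxRx-2
 67:          3          0          0          0   PCI-MSI-edge      eth1
EOF
}

# plan_affinity NIC [FILE]
# FILE defaults to /proc/interrupts; "-" reads standard input.
# Masks are plain hex, which is valid for machines with up to 32 CPUs.
plan_affinity() {
    nic=$1
    file=${2:-/proc/interrupts}
    awk -v nic="$nic" '
        NR == 1 { ncpu = NF; next }        # header row: one field per CPU
        {
            name = $NF                     # last field is the device name
            # Match "eth0" itself or its per-queue vectors "eth0-...".
            if (name != nic && index(name, nic "-") != 1) next
            irq = $1; sub(/:$/, "", irq)
            cpu = n % ncpu                 # next CPU in round-robin order
            mask = 1
            for (i = 0; i < cpu; i++) mask *= 2
            printf "%s %x %s\n", irq, mask, name
            n++
        }' "$file"
}

# Print the plan for the constructed sample.
sample_interrupts | plan_affinity eth0 -
```

If irqbalance is running it may rewrite masks set by hand, so check for it before applying a plan like this.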