Re: Linux Firewall: Hardware questions: interrupts and network cards

[Paul Slootman <paul@debian.org>]

On Wed 23 Nov 2005, Theodore Knab wrote:
> 
> I have Xeon 700MHz Netfinity running as campus firewall managing
> about 10K - 300K sessions on a T3. It runs the 2.6.8 kernel and 
> IPtables in bridge mode.
> 
> When I use 2 cpu's the systems seems to get interrupt collisions. Are
> interrupt collisions common with dual CPU systems on Linux firewalls ?

Why do you say "seems to get interrupt collisions", what are the
symptoms? Here we don't have any such problems (firewall that handles
200Mbit/s routinely, all sorts of traffic, although a large chunk is
web).

> Also, are there any good network cards that have 2 - 3 ethernet ports on them and
> only require 1 IRQ ? I think multiple port PCI cards would offer greater preformance
> than 2 or 3 separate PCI cards. Correct me if I am wrong. 

You're wrong :)  A multiple port PCI card is typically built using a PCI
bridge on the card, hence creating a new PCI bus. This extra level of
indirections won't help. Each interface will still be separate. Having
all share the same interrupt is typically not that useful.


Paul Slootman