The only other way to utilize more cores would be to leave SMT enabled, disable VPN acceleration, then substantially reduce the number of SNDs, thus forcing all the VPN operations onto all of the worker cores where you could go well beyond 16. SMT benefits Firewall Workers/Instances a fair amount, but an SND operates much better with full access to a single physical core rather than 2 separate SNDs vying for the same physical core via SMT threads. However given that practically all the processing happens on the SNDs in this case I agree with the other posters that disabling SMT will help here, potentially a lot. Dynamic balancing/split will not really help due to this limit once there are 16 or more SNDs allocated, as it will always use the same 16 cores for all interface processing I think this has to do with how the IRQs are affined. The only way to do so would be to acquire and install a new Intel NIC card utilizing the i40e driver which supports at least 48 queues (but beware that certain older NIC hardware has lower limits) or a Mellanox card (driver mlx5_core) which supports at least 60 queues. You cannot go beyond 16 queues for a ixgbe-driven NIC, it is a driver limitation.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |