January 20, 20188 yr I've just updated to 6.4.0 with the Spectre/Meltdown 'patches' (from rc15a IIRC) and have discovered that when I'm now hammering my connection, I get the best part of 40% CPU usage at ~25MB/sec (220Mbits give or take) when I used to hover around 15%. I've removed cores 2-3, 6-7 from general use via syslinux.cfg and assigned pfsense to 3 and 7 (I.e. core 4 + it's HT thread), so pfsense has its own 'core'. If I were to extrapolate from 220Mbits to 1Gbit (which may happen before I update the server) means that potentially my setup is no longer capable of running such a connection on one dedicated core. Currently not happy that I can loose such a chunk of performance in one fell swoop, (from reading up on the subject I'm of the opinion that if someone has gained access to my server that this bug is the least of my worries!!!) Hardware is a Supermicro X10-SLL and a E3-1230 v3. It had a microcode update back in nov... "microcode: microcode updated early to revision 0x23, date = 2017-11-20". Edit Seems Intel released another one: 20180108, wonder when I'll get that! So I was wondering what anyone else has seen performance wise pre and post patches? Edited January 20, 20188 yr by Interstellar
January 20, 20188 yr Mine hasn't changed from sub 15% usage (2 cores assigned) Edited January 20, 20188 yr by DZMM
January 21, 20188 yr yep - Xeon E5-2683 V3. Full spec in signature. I've been watching the usage for a few mins now and occassionally it spikes at around 25-30%, but drops back down sub 10%. Do you have a lot of traffic going through a VPN? If not, maybe it's a rogue package.
January 21, 20188 yr no particular problem. and here's the fun part: once pfsense updates to include the fix, it may slow down even more for you!
January 22, 20188 yr Author On 21/01/2018 at 11:55 AM, DZMM said: yep - Xeon E5-2683 V3. Full spec in signature. I've been watching the usage for a few mins now and occassionally it spikes at around 25-30%, but drops back down sub 10%. Do you have a lot of traffic going through a VPN? If not, maybe it's a rogue package. Nope - just by doing thinkbroadband's new speed test which maxes out my connection results in that kind of level. Can we disable the patch? (If they've got to my server already I doubt this will make much of a difference!) Edited January 22, 20188 yr by Interstellar
January 22, 20188 yr after re-reading your post, I don't think this is a patch issue, and I'll tell you why: you've isolated the cores from unraid, which is the patched os. unRaid doesn't touch them. Only pfsense uses them and since it is currently unpatched (afaik,) then the patch can't be the issue. unless you're somehow maxing out emulator functions for the vm pinned to another single core, which would be affected. that is, unless my understanding of core isolation is flawed. perhaps your issue lies elsewhere....
Archived
This topic is now archived and is closed to further replies.