pppoe low performance

lavv17 · March 15, 2010, 4:55pm

I’d like to ask why pppoe in routeros has such a low performance. EoIP is several times faster (approx 5x in my setup based on cpu load and used bandwidth). I use dynamic simple queues if that matters.

roadracer96 · March 15, 2010, 5:42pm

Are you using encryption on the PPPOE server?

lavv17 · March 16, 2010, 8:20am

no encryption, no compression.
Interesting that cpu load with pppoe significantly depends on the number of pppoe clients, more than on the traffic.

Chupaka · March 16, 2010, 11:18pm

and what if you try without simple queues? =)

lavv17 · March 18, 2010, 7:10am

Is there any alternative for rate limitation with radius?

Chupaka · March 18, 2010, 10:35am

sure. use ‘Address-List’ parameter in Profile (or send it from radius), then create manually a few PCQ queues and mark packets for them according to those address lists

lavv17 · March 18, 2010, 1:59pm

Unfortunately, I also use Framed-Route attribute to create a dynamic static routes for some clients. That way PCQ will not work, as it is per-IP address limitation, not per-interface which I need.

Chupaka · March 18, 2010, 3:11pm

yep, it would be nice if we can have some PCQ Classifier rules, like ‘use 192.168.0.1 as fake src-address for the whole 192.168.0.0/28 subnet’ or ‘round each dst-address to /29’… Normis, one more feature request for v5? =)

omidkosari · March 18, 2010, 6:11pm

+1

lavv17 · March 22, 2010, 9:59am

Ok, thank you for pcq! I have implemented it and cpu load dropped somewhat (by 10-20%).

Has anybody profiled where the cpu is mostly spent?

lavv17 · March 22, 2010, 1:59pm

eliminating of “action=jump” in “ip firewall mangle” reduced cpu load even more.

I wonder why “action=jump” is so slow.

At 11:45 I have “optimized” mangle table with a jump to avoid duplicate checking an address list in 16 rules.
At 17:00 I have restored previous version without jumps.
(picture from RB1000)

lavv17 · March 25, 2010, 6:38am

Let me answer myself. It appears the cause for slowness of “jump” was change-tcp-mss=yes in ppp profile.
It creates many hidden entries in firewall mangle table and jump apparently uses linear search to find the named chain.

Chupaka · March 25, 2010, 3:04pm

I’m not sure that search is linear… anyway, many dynamic rules is not good - each packet should be processed by each rule…

lavv17 · March 25, 2010, 5:20pm

I can explain the significant raise of cpu usage when I added a new chain and a jump only by linear search in mangle/forward table.
Anyway change-tcp-mss=no now, pcq queues are in place, and cpu usage is below 50%
(200 pppoe users, 120 Mbit/s on RB1000)

Chupaka · March 25, 2010, 11:31pm

congratulations =)

yes, if you need change-tcp-mss=yes on many pppoe active seccions, it’s always better to set change-tcp-mss=no and then create corresponding static rules