meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
sw:opnsense:performance [2025/08/22 11:43] – created niziaksw:opnsense:performance [2025/08/22 12:06] (current) niziak
Line 1: Line 1:
 ====== Performance ====== ====== Performance ======
 +
 +  * [[https://docs.opnsense.org/troubleshooting/performance.html|Performance]]
 +  * [[https://medium.com/@truvis.thornton/opnsense-firewall-configuration-performance-tuning-for-multi-gigabit-internet-and-better-speeds-in-cfc80c49c544|OpnSense Firewall Configuration: Performance Tuning for Multi-Gigabit Internet and better speeds in general
 +Truvis Thornton]]
 +
 +===== sysctl =====
  
   * **hw.ibrs_disable=1** Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)   * **hw.ibrs_disable=1** Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)
   * **vm.pmap.pti=0** Page Table Isolation (Meltdown mitigation, requires reboot.)   * **vm.pmap.pti=0** Page Table Isolation (Meltdown mitigation, requires reboot.)
 +  * **net.isr.maxthreads=-1** (was 1 thread) This uncaps the amount of CPU’s which can be used for netisr processing. By default this aspect of the network stack on FreeBSD seems to be single threaded. Default -1 is 1 thread per cpu. 
 +  * **net.isr.bindthreads=1** This binds each of the ISR threads to 1 CPU core, which makes sense to do since we are launching one per core.