Polling and FreeBSD

In a default pfSense configuration, a NIC generates an interrupt any time it needs attention. In some instances, alternative methods perform better than handling a heavy interrupt load. One alternative to interrupt-driven operation in FreeBSD is device polling: the NIC stops generating interrupts, and the devices are instead polled a set number of times per second. That rate is set by kern.hz, which is 1000 by default on pfSense full installations and 100 by default on embedded installations and on any hardware automatically detected as VMware.

The general consensus in the FreeBSD community used to be that polling is faster, and performance testing proved this. That consensus dates back to the FreeBSD 4.x days. It’s still ingrained in a lot of BSD people’s heads as being faster, but that’s just not true anymore for firewall scenarios. Polling in FreeBSD 5.x through -CURRENT has some serious issues in firewall deployments. It always drastically lowers network throughput on pfSense and all other FreeBSD 5.x, 6.x, and -CURRENT systems.

The only reason I would suggest using polling at this time is if your hardware runs at its maximum capacity frequently, because an overloaded pfSense install is completely unresponsive on all management interfaces - the console, SSH, and webGUI. The better solution is to size your hardware adequately for the amount of throughput you require, and don’t push your hardware past its capacity.
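To check which interfaces on a firewall currently have polling turned on, the following added example (not part of the original article) parses FreeBSD `ifconfig` output and lists every interface whose enabled `options=` set includes `POLLING`. The function names and the sample output are constructed for illustration; on a live system, pipe the real `ifconfig` output into `polling_interfaces` instead.

```shell
#!/bin/sh
# Added example: list interfaces that have device polling enabled.

# Constructed sample of FreeBSD `ifconfig` output (not captured from a real host).
sample_ifconfig() {
cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=5b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING>
    ether 00:00:5e:00:53:01
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
    ether 00:00:5e:00:53:02
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=3<RXCSUM,TXCSUM>
EOF
}

# Read ifconfig output on stdin and print one interface name per line for
# every interface whose enabled options list contains the POLLING flag.
polling_interfaces() {
    awk '
        # An interface header starts in column one, e.g. "em0: flags=..."
        /^[a-zA-Z]/ { ifname = $1; sub(/:$/, "", ifname) }

        # The indented options= line lists the capabilities that are enabled.
        $1 ~ /^options=/ {
            list = $1
            sub(/^[^<]*</, "", list)   # drop everything up to "<"
            sub(/>.*$/, "", list)      # drop the closing ">"
            n = split(list, caps, ",")
            for (i = 1; i <= n; i++)
                if (caps[i] == "POLLING")   # exact match on the flag name
                    print ifname
        }
    '
}

# Demonstration on the constructed sample; prints the polled interfaces.
sample_ifconfig | polling_interfaces
```

An interface reported here can be compared against the throughput behaviour described above before deciding whether polling should stay enabled on it.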