Pass through isn’t going to happen on this board because there are basically just 3 IOMMU groups with ACS, AER, and SR-IOV enabled. 1 for GPU slot, 1 for a single m2 slot, and 1 for everything else. It sucks.
Supposedly an IOMMU-aware NIC can still help me even if the groups are shitty but I’m not certain if that’s true.
I’m not running an EPYC. Way too spendy for me. I was using direct attachment passthru but that was failing over to macvtap because this motherboard sucks and the IOMMU/ACS shit only actually works on the GPU slot and 1 M.2 slot.
Supposedly I can use IOMMU with an i350 and that will work good enough but I’m not certain of this as it’s not the same as a direct passthru so I’m worried I’ll have similar issues.
I’m also reading the i226v NIC I have is kind of ass anyway.
Well I was going to drop to IDS instead of IPS and that’s good enough for home use. The load numbers on the host were 2 full cores used but that’s the NIC doing paravirtualization crap there. In bare metal, top shows nothing but the fans do spin up so it’s not telling me the whole story.
I think swapping to an i350 nic will help but I’m not certain if it will really help enough.
Looking deeper into it, this is kinda what it's been falling back to since the passthru wasn't working even though it was offered as an option in Cockpit and it threw no errors trying to do it. I put the LAN side in a bridge and tied the host's stuff in that way, then put the WAN on a macvtap to the WAN. That's working but performance isn't great. I ran some tests today against bare metal and while direct access to the NIC certainly improves things, it's still not keeping up.
direct macbook to cable modem: 916/40
opnsense virtualized (with vlans and rules): 699/41
opnsense bare metal (with vlans and rules): 816/39
opnsense bare metal (with vlans and rules and hardware offload fully enabled): 824/40
The only rules in place were the defaults, the rule to block VLANs from talking to each other, and the rule to pass traffic to WAN. When virtualized, I cannot get PCI passthru so I was using macvtap interfaces and virtio drivers with 4 threads and 4 pinned CPU threads.
CPU is a Ryzen 5800XT
NIC is a dual port Intel I226V
When virtualized, it was running under Fedora Server with QEMU/KVM q35 and given 8 gigs of RAM with hugepage memory and tested in both 2 and 4 thread resource allocation (all confirmed to be on the same 1 or 2 physical cores as the threads) and eventually even giving 4 threads to the virtio driver (it was only claiming 1 thread before).
Bare metal IS definitely helping, so it looks like I need to swap out for a motherboard that can do proper PCI passthru of the NIC (now that I understand the limitations of IOMMU groups the specs of the board don't tell you about, I hate them all the more) but it still can't hit line rates. There's no IDS or Suricata or any of the fanciness turned on yet though, so I just don't understand why it's this slow even bare metal.
Yes, I meant movement happens server side, which is why this example cheat couldn't work. It would be telling the server what to do, and the server could always say "no, fuck off, that's not something you were coded to be able to do". Sorry if I didn't convey that clearly.
I also understand the client has to draw things faster than the server can respond "okay, I moved you 12 inches to the left" so it guesses the outcome and if the server later responds with "denied, no teleportation in Rust" it will just snap you back to the last position the server approved of.
My point is anticheat client side suggests bad code server side.
Explain something to me. It’s a multiplayer game; anything that affects all players should be handled on the server side, not the client. So if I make a cheat it can only be installed client side, not server side.
So if my hypothetical cheat looks at object placement and any time it sees a small object approaching at a high velocity it can say “I’m going to assume that’s a bullet based on what the server told me about it.” Then my cheat would say “your character moves from here to here until the bullet passes by, then moves back. I will tell the server you moved to the left 20 inches in the blink of an eye then moved back”
This works because the server just trusts what it’s told in this example.
So there are two options here to resolve this. Either the server sets thresholds and denies any placement changes that look like the Flash is playing Rust, or the server evaluates suspicious placement changes later when the CPU load it’s under is lower. The first approach stops much of this instantly but is computationally expensive and could not scale well for lots of players. The second would work well enough. You need to catch cheaters but it doesn’t have to be within the same exact CPU cycle.
In either case, these work because the server is taught to look for something that shouldn’t be possible. The enforcement happens server side. The client doesn’t fucking matter.
There is zero reason to put anti cheat on the client side when it’s not a P2P instance. Target a few servers, not thousands of players.
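The two server-side options described in the comment above, sketched as an added example (not code from the original post or from any game): an inline speed threshold that snaps the player back to the last approved position, and a deferred audit over a recorded trace. The speed limit, tolerance, 30 Hz tick rate and all names are assumptions for illustration.

```python
import math
from dataclasses import dataclass, field

# Assumed limits for illustration; a real game derives them from its movement rules.
MAX_SPEED = 5.5    # metres per second
TOLERANCE = 1.25   # slack for jitter and uneven tick timing
MAX_DT = 0.5       # never credit more than this many seconds of travel

def max_step(dt):
    """Farthest a player can legitimately travel in dt seconds."""
    return MAX_SPEED * TOLERANCE * min(max(dt, 0.0), MAX_DT)

@dataclass
class PlayerState:
    pos: tuple                      # last position the server approved
    t: float                        # server time of that approval
    rejected: list = field(default_factory=list)

def validate_move(state, claimed_pos, now):
    """Option 1: check inline and return the position the server accepts."""
    dist = math.dist(state.pos, claimed_pos)
    limit = max_step(now - state.t)
    state.t = now
    if dist > limit:
        state.rejected.append((now, round(dist, 3), round(limit, 3)))
        return state.pos            # client is snapped back to this
    state.pos = claimed_pos
    return claimed_pos

def audit_trace(trace):
    """Option 2: review a recorded [(t, pos), ...] trace later, off the hot path.
    Returns the indices of samples that could not have been reached in time."""
    return [i for i in range(1, len(trace))
            if math.dist(trace[i - 1][1], trace[i][1])
            > max_step(trace[i][0] - trace[i - 1][0])]

# Constructed sample: 30 Hz updates, a normal step, then a 20-inch (0.508 m)
# sidestep and back, as in the hypothetical cheat.
TICK = 1 / 30
SAMPLE = [(0.0, (0.0, 0.0, 0.0)), (TICK, (0.15, 0.0, 0.0)),
          (2 * TICK, (0.658, 0.0, 0.0)), (3 * TICK, (0.15, 0.0, 0.0))]

if __name__ == "__main__":
    player = PlayerState(pos=SAMPLE[0][1], t=SAMPLE[0][0])
    for t, pos in SAMPLE[1:]:
        print(t, pos, "->", validate_move(player, pos, t))
    print("audit flags samples:", audit_trace(SAMPLE))
```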
This board will not let me do PCI passthru. Only the GPU slot and one of the M.2 slots are in separate IOMMU groups. Everything else is just dumped into the same IOMMU group.
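A way to check the grouping described above before committing to a board or slot, as an added example that is not part of the original post: it reads the standard Linux sysfs tree at `/sys/kernel/iommu_groups` and reports which devices share a group with a given PCI address. The PCI addresses and the sample layout are constructed, and the helper names are hypothetical.

```python
import os
import tempfile

SYSFS_GROUPS = "/sys/kernel/iommu_groups"   # standard Linux sysfs location

def read_groups(root=SYSFS_GROUPS):
    """Map IOMMU group number -> sorted PCI addresses found under root."""
    groups = {}
    if not os.path.isdir(root):
        return groups               # IOMMU disabled, or not a Linux host
    for name in os.listdir(root):
        dev_dir = os.path.join(root, name, "devices")
        if name.isdigit() and os.path.isdir(dev_dir):
            groups[int(name)] = sorted(os.listdir(dev_dir))
    return groups

def group_mates(groups, pci_addr):
    """Devices sharing a group with pci_addr; None if the address is unknown.
    An empty list means the device sits alone in its group."""
    for devices in groups.values():
        if pci_addr in devices:
            return [d for d in devices if d != pci_addr]
    return None

def build_sample_tree(layout):
    """Create a constructed sysfs-like tree in a temp dir for offline runs."""
    root = tempfile.mkdtemp()
    for group, devices in layout.items():
        for dev in devices:
            os.makedirs(os.path.join(root, str(group), "devices", dev))
    return root

# Constructed layout resembling the board described: the GPU slot and one
# M.2 slot isolated, everything else (including a dual-port NIC) lumped together.
SAMPLE_LAYOUT = {
    0: ["0000:01:00.0"],                                   # GPU slot
    1: ["0000:02:00.0"],                                   # M.2 slot
    2: ["0000:03:00.0", "0000:04:00.0", "0000:04:00.1", "0000:05:00.0"],
}

if __name__ == "__main__":
    groups = read_groups() or read_groups(build_sample_tree(SAMPLE_LAYOUT))
    for number in sorted(groups):
        print(f"group {number}: {' '.join(groups[number])}")
    print("NIC port shares its group with:", group_mates(groups, "0000:04:00.0"))
```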
libvirt qemu/kvm. I'm running into virtio bottlenecks I can't get out of now too. I can't do PCI passthru on this unless I give up the GPU on this board because I didn't consider that when I bought the hardware -_-
Also, I have isolated and devoted 2 threads, 1 core, of a Ryzen 5800XT CPU to this VM and my WAN download traffic won't exceed 625 Mbps! I don't even have IDS or anything enabled yet. How can that be?
She is so fucking angry at Disney and absolutely unrepentant about it. I love it. Stay real, Dana.