The current if_bridge implementation contends heavily on a single BRIDGE_LOCK mutex. As a result it’s limited to a little over 1 million packets per second, regardless of the number of cores in the system. This means, for small packets, it can just about saturate a 1Gbps link, but little more than that. With full (1500 byte) packets it can saturate a 10Gbps link, but not a 40Gbps or faster link. The system spends the vast majority of its time waiting to acquire the bridge lock.

The overall idea is to replace the single mutex by two read-mostly locks, one protecting the overall bridge, and a second to protect the forwarding table. The vast majority of packets will only require read locks, allowing multiple cores to pass packets over the bridge simultaneously.

This project is in progress with a target completion date for early spring 2020.