Date: Fri, 25 May 2007 17:05:43 -0700 From: security <security@jim-liesl.org> To: Stephen.Clark@seclark.us Cc: freebsd-stable@freebsd.org Subject: Re: network performance 6.1 stable vs 4.9 Message-ID: <465779D7.6030502@jim-liesl.org> In-Reply-To: <4656D0FB.5070200@seclark.us> References: <4656D0FB.5070200@seclark.us>
next in thread | previous in thread | raw e-mail | index | archive | help
Stephen Clark wrote: > Hello List, > > We have a network appliance that is currently based on 4.9. We are in > the process of releasing > a new version based on 6.1 stable. > > In our testing using nttcp thru the appliance we see insignifant > difference in thruput between the 2 > versions in a controlled environment - aproximately 94mbs on a 100mb lan. > > We have a person that is testing the both system inhouse surfing out > over the internet on our T1 > link and he complains that he is consistently seeing the 6.1 version > being much slower than the > 4.9 version (on the same hardware). > He has been comparing the 6.1 system to 4.9 system for a couple of weeks > and continues to insist the 6.1 version is much slower. > > Are there any sysctl tunables that may affect performance going over > the internet > with a slower link, dropped packets, etc that could cause this? > Well, oddly enough I've playing with 6.1's perf as it relates to gigE lans so let me pass on a few things * polling only really helps if your nic is generating lot's of interrupts, or is having to compete with something that does. In fact, setting "polling" on an interface could make things seem slightly LESS responsive for small requests * nic chipset selection is important, but probably not for a f/w dealing with t1/broadband speeds * Don't even get down tweaking tcp send and recv buffers. You have no idea what the BDP will be on your WAN link. Same thing for jumbo frames on the inside link. o Having said that, This is what is in my sysctl.conf file. It does matter in a gigE lan, but probably not for a SMB firewall thats only got a t1 on the WAN side. kern.ipc.maxsockbuf=8192000 net.inet.tcp.sendspace=262144 net.inet.tcp.recvspace=262144 * make sure you set net.inet.tcp.rfc1323: 1 (most likely the default) * play with net.inet.tcp.inflight.enable (0 or 1), it never made a diff in my gigE lan testing * get real data using iperf (in ports/benchmarking) if you go to the iperf website, they have binaries for windows o XP's default network tuning is beyond bad, but your customers most likely aren't tweaking their registries either * use netstat -m to look at your buffer usage, particularly if you're dropping packets * depending on how much memory you have you might want to jump up kern.ipc.nmbclusters, but only if you seem to be dropping packets. * verify that your nics are setting speed and duplex correctly * which firewall package are you using? * use ethereal/wireshark to examine your net flow. Alot of tcp resets and retransmits can make a big impact if TCP is constantly having to resync. jim
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?465779D7.6030502>