Date: Sun, 9 Mar 2008 09:50:06 -0500
From: "Bill Marquette" <bill.marquette@gmail.com>
To: "Lorenz Helleis" <lorenzhelleis@yahoo.com.br>
Cc: freebsd-pf@freebsd.org
Subject: Re: Res: Res: Dropped Packets
Message-ID: <55e8a96c0803090750g225704f4k6298770ee9fa9009@mail.gmail.com>
In-Reply-To: <312816.32112.qm@web53707.mail.re2.yahoo.com>
References: <312816.32112.qm@web53707.mail.re2.yahoo.com>

On Fri, Mar 7, 2008 at 4:40 PM, Lorenz Helleis <lorenzhelleis@yahoo.com.br> wrote:
> This is an internal firewall... I think the entry in the table session is disappearing, so the client needs to make
> another connection. I'm thinking about creating a stateless rule.

I suspect this will only decrease your packet rates. From what I understand, state table lookups are MUCH cheaper than rule table lookups. Also, the congestion count increases (from memory) when the NIC can't send packets; you might look at increasing the net.inet.ip.intr_queue_maxlen sysctl if net.inet.ip.intr_queue_drops is showing a non-zero value (which it likely is if you are pushing 400kpps w/out increasing the queue).

BTW, what version of FreeBSD? I didn't see it already mentioned in the thread.

--Bill