From owner-freebsd-net@FreeBSD.ORG Mon Oct 24 04:54:25 2005 Return-Path: X-Original-To: net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1D99C16A41F for ; Mon, 24 Oct 2005 04:54:25 +0000 (GMT) (envelope-from mv@roq.com) Received: from p4.roq.com (ns1.ecoms.com [207.44.130.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id BB65443D49 for ; Mon, 24 Oct 2005 04:54:24 +0000 (GMT) (envelope-from mv@roq.com) Received: from p4.roq.com (localhost.roq.com [127.0.0.1]) by p4.roq.com (Postfix) with ESMTP id BBA5A4C5EF; Mon, 24 Oct 2005 04:54:24 +0000 (GMT) Received: by p4.roq.com (Postfix, from userid 1007) id A0AC44CCF5; Mon, 24 Oct 2005 04:54:24 +0000 (GMT) Received: from [192.168.0.3] (ppp157-158.static.internode.on.net [150.101.157.158]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by p4.roq.com (Postfix) with ESMTP id 0412E4C5EF; Mon, 24 Oct 2005 04:54:21 +0000 (GMT) Message-ID: <435C68FC.9090506@roq.com> Date: Mon, 24 Oct 2005 14:54:20 +1000 From: Michael VInce User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.7.12) Gecko/20051019 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Michael VInce , net@FreeBSD.org References: <20051020140200.GL59364@cell.sick.ru> <4359FFE3.7060001@roq.com> <20051022091905.GH59364@cell.sick.ru> <435B3A92.1040600@roq.com> In-Reply-To: <435B3A92.1040600@roq.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on p4.roq.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.0.4 X-Virus-Scanned: ClamAV using ClamSMTP Cc: Subject: Re: em(4) patch for test X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Oct 2005 04:54:25 -0000 I just have to point out that below I made a statement that proved I should of gone to bed earlier instead of doing benchmarks :). The 901 http States and ssh state have nothing to do with each other as there on different pf rules. Mike Michael VInce wrote: > I did watch the gateway (B) pf state table and did an ab test with and > without pf running, I didn't see any difference in results when having > pf running with stateful rules, ab's Time per requests stayed low and > transfer rates stayed high. Most of the time the total states were > exactly 900 (plus 1 for ssh session) which would make sense > considering the 900 keep-alive concurrency level on the ab test. > > pftop output > RULE ACTION DIR LOG Q IF PR K PKTS BYTES STATES MAX > INFO > 0 Pass In Q em2 tcp M 37362067 1856847K 901 > inet from any to server-c port = http > >