From: "Bartek W. aka Mastier"
Date: Thu, 19 Jan 2012 17:01:51 +0100
To: freebsd-pf@freebsd.org
Subject: Re: Maximum throughput ? limit?
Message-ID: <4F183E6F.2030709@gmail.com>
In-Reply-To: <4F183944.30101@wooh.hu>

On 19.01.2012 16:39, Adam PAPAI wrote:
> Dear List,
>
> I feel my freebsd box is reaching its limits.
>
> I'm doing load-balance with a pf (round-robin + NAT) in front of 3 web
> and 3 database servers. Everything works fine with 100-120MBit/s, but
> if it reaches over 150MBit/s to 200MBit/s or even 300MBit/s, the
> connections are stuck, nobody can connect to the server.
>
> I checked it via "nload". And every time it goes over 150MBit/s it
> starts to drop some connections.
>
> I have 40,000 connections at the same time.
>
> Could it be because of the pf? I mean it reaches some maximum throughput?
>
> When I'm running the iperf from inside the NAT, it does only
> 300-400MBit/s, but if I'm running it from the firewall itself, it does
> 600-700 (it depends on the traffic). The servers are connected to each
> other via GBit.
>
> Thanks in advance,
>
>

Indeed. The default maximum is 10 000 states as I remember. I.e. one of the main routers in my case. core quad.

set limit { states 300000, frags 10000, src-nodes 100000 }
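An added example, not part of the original message: a POSIX shell check that compares pf's current state count with the states hard limit that the `set limit` line in the reply raises. It assumes the usual `pfctl -si` and `pfctl -sm` output layout; the sample text is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: how close is the pf state table to its hard limit?
# Live use on the firewall: pf_state_status "$(pfctl -si)" "$(pfctl -sm)" 80

# Constructed sample in the layout of `pfctl -si` (abridged).
SAMPLE_INFO='Status: Enabled for 12 days 03:14:15           Debug: Urgent

State Table                          Total             Rate
  current entries                     9870
  searches                      1834220011         1748.2/s
  inserts                         41200345           39.3/s
  removals                        41190475           39.3/s'

# Constructed sample in the layout of `pfctl -sm`, using the 10000 figure from the reply.
SAMPLE_MEM='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000'

# Extract the "current entries" count from `pfctl -si` text.
pf_current_states() {
    printf '%s\n' "$1" | awk '$1 == "current" && $2 == "entries" { print $3; exit }'
}

# Extract the states hard limit from `pfctl -sm` text.
pf_state_limit() {
    printf '%s\n' "$1" | awk '$1 == "states" && $2 == "hard" { print $4; exit }'
}

# Print state table utilisation as an integer percentage; return 2 if unparsable.
pf_state_pct() {
    cur=$(pf_current_states "$1")
    max=$(pf_state_limit "$2")
    case "$cur$max" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$cur" ] && [ -n "$max" ] && [ "$max" -gt 0 ] || return 2
    echo $(( cur * 100 / max ))
}

# Print OK/WARN/UNKNOWN; third argument is the warning threshold (default 80).
pf_state_status() {
    pct=$(pf_state_pct "$1" "$2") || { echo "UNKNOWN"; return 2; }
    if [ "$pct" -ge "${3:-80}" ]; then
        echo "WARN ${pct}%"; return 1
    fi
    echo "OK ${pct}%"
}

# Run on the constructed samples: 9870 of 10000 states is 98%, above the threshold.
pf_state_status "$SAMPLE_INFO" "$SAMPLE_MEM" 80 || true
```

Run from cron or a monitoring agent, a WARN result is the signal to revisit the `set limit` values before new connections start failing at the state table.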