From owner-freebsd-net@FreeBSD.ORG  Thu Jun 19 12:45:20 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 96B5F37B401
	for <freebsd-net@freebsd.org>; Thu, 19 Jun 2003 12:45:20 -0700 (PDT)
Received: from manganese.bos.dyndns.org (manganese.bos.dyndns.org
	[66.151.188.2])	by mx1.FreeBSD.org (Postfix) with ESMTP id DDCD343F3F
	for <freebsd-net@freebsd.org>; Thu, 19 Jun 2003 12:45:19 -0700 (PDT)
	(envelope-from tom@dyndns.org)
Received: from manganese.bos.dyndns.org (tom@localhost [127.0.0.1])
	h5JJjIWN074070
	for <freebsd-net@freebsd.org>; Thu, 19 Jun 2003 15:45:18 -0400 (EDT)
	(envelope-from tom@dyndns.org)
Received: from localhost (tom@localhost)h5JJjI74074067
	for <freebsd-net@freebsd.org>; Thu, 19 Jun 2003 15:45:18 -0400 (EDT)
X-Authentication-Warning: manganese.bos.dyndns.org: tom owned process doing
	-bs
Date: Thu, 19 Jun 2003 15:45:18 -0400 (EDT)
From: Tom Daly <tom@dyndns.org>
X-X-Sender: tom@manganese.bos.dyndns.org
To: freebsd-net@freebsd.org
Message-ID: <Pine.BSF.4.53.0306191542190.71421@manganese.bos.dyndns.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: Firewall Performance Question.
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jun 2003 19:45:20 -0000

Hello,
I am currently running a Dell Poweredge 350 with FreeBSD 4.7 as a network
firewall for one of our sites. This site sees about 3 megabits of traffic.
The average firewall ruleset runs around 600-800 rules, running on IPFW.
The PE350 uses dual fxp chips on the machine's single PCI bus.

Could this be a direct cause of why my system's interrupt usage is over
50% at many times, as well as sending ICMP source quenchs from time to
time?

Can anyone suggest a performance tweak to help this box along?

Thanks,
Tom

-- 
Tom Daly
tom@dyndns.org
Chief Infrastructure Officer
Dynamic DNS Network Services
http://www.dyndns.org/