Date: Wed, 25 Sep 2002 17:08:03 -0500 From: David Kelly <dkelly@hiwaay.net> To: Cody Swanson <cswanson@pei.eastlink.ca> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Performance issues with natd Message-ID: <20020925220803.GC17390@grumpy.dyndns.org> In-Reply-To: <007401c264bd$d97909e0$0401a8c0@win2000> References: <007401c264bd$d97909e0$0401a8c0@win2000>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 25, 2002 at 03:02:47PM -0300, Cody Swanson wrote: > Hello all, > > I just setup a 4.6.2 machine locally on my network at home to replace an > aging Linux NAT box I had going. Clients behind the new box can only get > 100k/sec downloads while clients behind the old Linux box (running ipchains) > get 400k/sec+ downloads off the same cable modem. Locally on the new FreeBSD > box I can get 400k/sec downloads with lynx, it just seems as if the NAT is > not framing packets right. Also, I have tried downloads from other freeBSD > machines, Linux machines and windows2000 machines from inside the network. > All max out at around 100k/sec on a download through the NAT box. Again, if > I download on the > box it self I can see 400k/sec. > > The machine is a PIII500 with 512mb ram. I have a 3com 3c905 nic for the > internal LAN and a D-Link 530TX revA card for the external link to my cable > modem. I rebuilt the GENERIC kernel with the following options: > > options IPFIREWALL > options IPDIVERT > > And I added the following lines to rc.conf (as noted in the handbook) > > gateway_enable="YES" > kern_securelevel_enable="NO" > ifconfig_xl0="inet 192.168.1.254 netmask 255.255.255.0" > ifconfig_vr0="DHCP" One thing to try is to invert the functions of vr0 and xl0. Another Good Thing To Try is to read man pages and source code on the devices you are using. This is found in /usr/src/sys/pci/if_vr.c: * * The Rhine has a serious flaw in its transmit DMA mechanism: * transmit buffers must be longword aligned. Unfortunately, * FreeBSD doesn't guarantee that mbufs will be filled in starting * at longword boundaries, so we have to do a buffer copy before * transmission. */ Am suggesting replacing the vr0 with something else such as another 3c905. I use a pair of Intel 10/100's in my PIII-500 box and would have to measure carefully to detect any thruput blockage. My guess as to what is happening is the additional copy required by the vr0 interrupts the rhythm between your inside client and the outside cable system so that data doesn't stream at full rate when passing thru but is OK when it stops at the FreeBSD firewall/router/gateway. In a PII-300 system I use an onboard 3c905 and an Intel 10/100. IPFW, NATD, DIVERT, essentially the same as you but only 64MB, and once again the restriction is too small to notice without careful measurement. It too is connected to a cable modem but throttled at 500kbits/sec. I have a spare PII but have not bothered to benchmark it ethernet to ethernet. When I last paid close attention to Linux it had some odd notions as to who and what should have priority and when. Years ago a Linusian trolling the FreeBSD lists was mighty proud of the lack of latency in his gigabit ethernet driver. The performance quoted was such the driver must have had nearly exclusive access to the CPU. Not so bad if you have nothing else to do but feed that driver. -- David Kelly N4HHE, dkelly@hiwaay.net ===================================================================== The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020925220803.GC17390>