From owner-freebsd-pf@FreeBSD.ORG Tue Mar 8 03:02:11 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ADAFA16A4CE for ; Tue, 8 Mar 2005 03:02:11 +0000 (GMT) Received: from hotmail.com (bay24-f6.bay24.hotmail.com [64.4.18.56]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0133B43D5E for ; Tue, 8 Mar 2005 03:02:10 +0000 (GMT) (envelope-from segr@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 7 Mar 2005 19:02:10 -0800 Message-ID: Received: from 204.9.110.182 by by24fd.bay24.hotmail.msn.com with HTTP; Tue, 08 Mar 2005 03:02:09 GMT X-Originating-IP: [204.9.110.182] X-Originating-Email: [segr@hotmail.com] X-Sender: segr@hotmail.com In-Reply-To: <200503080152.11837.max@love2party.net> From: "Stephane Raimbault" To: max@love2party.net, freebsd-pf@freebsd.org Date: Mon, 07 Mar 2005 20:02:09 -0700 Mime-Version: 1.0 Content-Type: text/plain; format=flowed X-OriginalArrivalTime: 08 Mar 2005 03:02:10.0339 (UTC) FILETIME=[38635F30:01C5238B] Subject: Re: nat / rdr timeouts? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Mar 2005 03:02:11 -0000 >From: Max Laier >To: freebsd-pf@freebsd.org >CC: "Stephane Raimbault" , daniel@benzedrine.cx >Subject: Re: nat / rdr timeouts? >Date: Tue, 8 Mar 2005 01:52:05 +0100 > >On Tuesday 08 March 2005 01:28, Stephane Raimbault wrote: > > Okay, I setup an OpenBSD 3.6 box with pf today as a test and I can not > > replicate the problem with OpenBSD. > > > > In fact, running the ab test returned MUCH beter results in terms of >times > > to return the page and according to top the cpu barely budged when >running > > the test on the openbsd pf box. However running top on the freebsd pf >box > > I clearly see a spike in cpu traffic as the cpu idle drops to 0% for a > > second. > > > > > > I'm currently running RELENG_5 on the freebsd box from this weekend... >are > > there some debugging stuff turned on in the kernel that would explain >the > > performance diffrence? > > > > I tried to replicate the test as closely as possible however there are >some > > subtle diffrences in my test. > > > > OpenBSD test > > > > PowerBook laptop (running ab) to an IP on the local network (openbsd ext > > interface (vlan0)) thru to the same openbsd box int interface (vlan1) to > > the web servers (10.0.11.16 and 10.0.11.17). > > > > FreeBSD Test > > > > IBM server running freebsd (ab) to an IP on it's local network (freebsd >ext > > interface (em0) thru to the same freebsd box int interface (em1) to the >web > > severs (10.0.11.16 and 10.0.11.17). > > > > network wise it should be pretty much the same. The only thing that >came > > to mind, maybe it's because the powerbook is a better box then the IBM > > server running freebsd ? but then seeing the CPU idle time and >comparing > > the Freebsd +pf and the OpenBSD +pf being so diffrent... I ponder my > > question. > > > > > > Hope this makes sense. Let me know if there is any other data I can > > provide ? > >I don't fully understand how your setup looks like. Where are you running >ab >from? Is there a dedicated box you run it on or are you running it on/from >the redirecting box itself? Could you get the following setup realized: > > /----- OpenBSD ----\ WWW_1 > | | / WWW_2 >ab Client ---+ +-----+- ... > | | \ WWW_N > \----- FreeBSD ----/ > I don't know why I didn't setup my test like this in the first place... it was pretty easy for me to set this up... Anyhow I've set this up now. And now that I have re run the tests... may I say "ARGH!" :) So yes... same problem when running the test on the OpenBSD + pf then I was getting on the FreeBSD + pf. But so what does this mean... I'm hitting a bug on my FreeBSD box I'm running the ab test from? >It does not matter (too much) how the gateways are connected to the client >and >the servers, what matters is that the client and the servers are the same >for >both tests. I suspect that (if you were running ab from the FreeBSD >server) >you discovered a bug in FreeBSD's socket/tcp code much rather than in pf. >Please let me know if I misunderstood something and explain your test setup >with a bit more detail. > >Thanks a lot in advance. > > > >-- >/"\ Best regards, | mlaier@freebsd.org >\ / Max Laier | ICQ #67774661 > X http://pf4freebsd.love2party.net/ | mlaier@EFnet >/ \ ASCII Ribbon Campaign | Against HTML Mail and News ><< attach3 >> _________________________________________________________________ Don't just Search. Find! http://search.sympatico.msn.ca/default.aspx The new MSN Search! Check it out!