From owner-freebsd-questions@FreeBSD.ORG Sun Apr 24 02:17:56 2005
Message-ID: <426B01D2.2060806@xecu.net>
Date: Sat, 23 Apr 2005 22:17:54 -0400
From: Christopher McGee
To: freebsd-questions@freebsd.org
References: <426AFDCD.7000701@xecu.net>
In-Reply-To: <426AFDCD.7000701@xecu.net>
Subject: Re: pf and altq bandwidth problem.

Christopher McGee wrote:

> I apologize if this is the wrong list for this, but if it is, please
> let me know. Basically when queue1 on my firewall starts pushing the
> full amount of bandwidth, things that use the dflt queue become
> unreachable or VERY slow. The dflt queue NEVER uses its full amount
> of bandwidth, generally around 3mbit/s on average. I'm starting to
> think this is just an inherent problem in FreeBSD 5.3. Maybe I just
> need to upgrade to 5.4 when it is released, but I don't think there
> were many pf updates in that release. I'm reluctant to post too much
> information about the firewall and its configuration since it is a
> production firewall. But the problem seems to be with the queues.
> Here's what I think is the relevant information, let me know if more
> information is needed:
>
> firewall# pfctl -s queue
> queue root_fxp0 bandwidth 25Mb priority 0 cbq( wrr root ) {dflt, queue1}
> queue  dflt bandwidth 8Mb priority 4 qlimit 150 cbq( borrow default )
> queue  queue1 bandwidth 17Mb qlimit 3500
>
> firewall# pfctl -vvsq
> queue root_fxp0 bandwidth 25Mb priority 0 cbq( wrr root ) {dflt, queue1}
>   [ pkts: 93469435 bytes: 57111963278 dropped pkts: 0 bytes: 0 ]
>   [ qlength: 0/ 50 borrows: 0 suspends: 0 ]
> queue  dflt bandwidth 8Mb priority 4 qlimit 150 cbq( borrow default )
>   [ pkts: 47160837 bytes: 20420146684 dropped pkts: 294 bytes: 105068 ]
>   [ qlength: 0/150 borrows: 2667554 suspends: 237 ]
> queue  queue1 bandwidth 12Mb qlimit 3500
>   [ pkts: 46308598 bytes: 36691816594 dropped pkts: 5236343 bytes: 4887084090 ]
>   [ qlength: 0/3500 borrows: 0 suspends: 13971654 ]
>
> queue root_fxp0 bandwidth 25Mb priority 0 cbq( wrr root ) {dflt, queue1}
>   [ pkts: 93472817 bytes: 57113671748 dropped pkts: 0 bytes: 0 ]
>   [ qlength: 0/ 50 borrows: 0 suspends: 0 ]
>   [ measured: 676.4 packets/s, 2.73Mb/s ]
> queue  dflt bandwidth 8Mb priority 4 qlimit 150 cbq( borrow default )
>   [ pkts: 47163588 bytes: 20421636153 dropped pkts: 294 bytes: 105068 ]
>   [ qlength: 0/150 borrows: 2667640 suspends: 237 ]
>   [ measured: 550.2 packets/s, 2.38Mb/s ]
> queue  queue1 bandwidth 12Mb qlimit 3500
>   [ pkts: 46309229 bytes: 36692035595 dropped pkts: 5236343 bytes: 4887084090 ]
>   [ qlength: 0/3500 borrows: 0 suspends: 13971654 ]
>   [ measured: 126.2 packets/s, 350.40Kb/s ]
>
> queue root_fxp0 bandwidth 25Mb priority 0 cbq( wrr root ) {dflt, queue1}
>   [ pkts: 93475932 bytes: 57115159111 dropped pkts: 0 bytes: 0 ]
>   [ qlength: 0/ 50 borrows: 0 suspends: 0 ]
>   [ measured: 649.7 packets/s, 2.56Mb/s ]
> queue  dflt bandwidth 8Mb priority 4 qlimit 150 cbq( borrow default )
>   [ pkts: 47166144 bytes: 20422995656 dropped pkts: 294 bytes: 105068 ]
>   [ qlength: 0/150 borrows: 2667788 suspends: 237 ]
>   [ measured: 530.7 packets/s, 2.28Mb/s ]
> queue  queue1 bandwidth 12Mb qlimit 3500
>   [ pkts: 46309788 bytes: 36692163455 dropped pkts: 5236343 bytes: 4887084090 ]
>   [ qlength: 0/3500 borrows: 0 suspends: 13971657 ]
>   [ measured: 119.0 packets/s, 277.49Kb/s ]

Let me add a little more information I thought might be useful. This
firewall has Intel Pro 100+ cards, actually 6 of them. Only 2 are in
use, the others are there for some future projects. The public
interface has 1 public IP from a /29. The private interface has 2 IP
addresses that correspond with the 2 internal class C's we have (both
publicly routable). I have tried choking queue1 to 12Mb at some point
and it seemed to alleviate some of the problems, although some internal
servers still respond VERY slowly when it peaks.

Thanks,
Chris
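
An added example, not part of the original message: a small Python parser for the `pfctl -vvsq` output quoted in the message above, turning the raw counters into a per-queue drop percentage and measured-versus-configured utilisation. The sample is the dflt and queue1 entries of the second snapshot with wrapped lines rejoined; treating `pkts` as transmitted-only packets and the 1% drop threshold are assumptions.

```python
import re

# dflt and queue1 from the second snapshot in the post, wrapped lines rejoined.
SAMPLE = """\
queue dflt bandwidth 8Mb priority 4 qlimit 150 cbq( borrow default )
  [ pkts: 47163588 bytes: 20421636153 dropped pkts: 294 bytes: 105068 ]
  [ qlength: 0/150 borrows: 2667640 suspends: 237 ]
  [ measured: 550.2 packets/s, 2.38Mb/s ]
queue queue1 bandwidth 12Mb qlimit 3500
  [ pkts: 46309229 bytes: 36692035595 dropped pkts: 5236343 bytes: 4887084090 ]
  [ qlength: 0/3500 borrows: 0 suspends: 13971654 ]
  [ measured: 126.2 packets/s, 350.40Kb/s ]
"""

UNITS = {"": 1, "K": 1e3, "M": 1e6, "G": 1e9}
HEAD = re.compile(r"queue\s+(\S+)\s+bandwidth\s+(\S+)")
STATS = re.compile(r"pkts:\s*(\d+)\s+bytes:\s*(\d+)\s+dropped pkts:\s*(\d+)\s+bytes:\s*(\d+)")
SCHED = re.compile(r"borrows:\s*(\d+)\s+suspends:\s*(\d+)")
RATE = re.compile(r"measured:\s*[\d.]+ packets/s, (\S+)")

def to_bps(text):
    """Convert a pfctl rate such as '8Mb' or '350.40Kb/s' to bits per second."""
    value, unit = re.fullmatch(r"([\d.]+)([KMG]?)b(?:/s)?", text).groups()
    return float(value) * UNITS[unit]

def parse_queues(output):
    """Return {queue name: counters} from one `pfctl -vvsq` snapshot."""
    queues, cur = {}, {}  # cur starts as a throwaway dict until a header is seen
    for line in map(str.strip, output.splitlines()):
        if m := HEAD.match(line):
            cur = queues[m.group(1)] = {"bandwidth": to_bps(m.group(2))}
        elif m := STATS.search(line):
            cur["pkts"], _, cur["dropped"], _ = map(int, m.groups())
        elif m := SCHED.search(line):
            cur["borrows"], cur["suspends"] = map(int, m.groups())
        elif m := RATE.search(line):
            cur["measured"] = to_bps(m.group(1))
    return queues

def report(queues, max_drop_pct=1.0):
    """Drop % and utilisation per queue; max_drop_pct is an assumed threshold."""
    out = {}
    for name, q in queues.items():
        offered = q["pkts"] + q["dropped"]  # assumption: pkts = transmitted only
        drop_pct = 100.0 * q["dropped"] / offered if offered else 0.0
        out[name] = {"drop_pct": drop_pct, "suspends": q["suspends"],
                     "util_pct": 100.0 * q.get("measured", 0.0) / q["bandwidth"],
                     "congested": drop_pct > max_drop_pct}
    return out
```

The counters are cumulative since the ruleset was loaded, so the percentages describe the queue's lifetime; comparing two snapshots taken during a peak shows what is happening at that moment.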