Date: Fri, 18 Aug 2000 17:38:43 -0700 From: Luke Cowell <lukec@imag.net> To: freebsd-security@freebsd.org Subject: Re: [Q] why does my firewall degrade Web performance? Message-ID: <4.3.1.2.20000818172410.00ba9f08@mail.imag.net> In-Reply-To: <20000819005752.A42236@server.nostromo.in-berlin.de> References: <Pine.BSF.4.10.10008180932120.25370-100000@bsdie.rwsystems.net> <200008171558.JAA23163@nomad.yogotech.com> <Pine.BSF.4.10.10008180932120.25370-100000@bsdie.rwsystems.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I had a NAT firewall setup for my wave connection at home. I had some old=20 cable I decided to run through my wall. When all was said and done it did=20 not work as expected. I did see that my interrupt % was very high (90%=20 approx) the culprit was a faulty cable. This may be part of you problem=20 because when you introduced the firewall to the system you would of=20 introduced additional cabling. Luke At 12:57 AM 8/19/2000 +0200, you wrote: >Quoting James Wyatt (jwyatt@rwsystems.net): > > Doesn't load average count the average number of processes waiting on > > (or in) a 'run' state? Don't the ipfw functions get performed by the > > kernel? If so, wouldn't the only rise in load average be from a > > secondary effect on 'coalmine canary' like programs? If you aren't > > running apache or lotsa sendmail or something would loadave even go up > > much under heavy load? > >Well, yes. But look at "top" which monitors active processes: > >last pid: 42568; load averages: 0.11, 0.06, 0.01 up 57+22:27:13 = 00:44:58 >48 processes: 1 running, 47 sleeping >CPU states: 0.4% user, 0.0% nice, 0.0% system, 0.0% interrupt, 99.6%= idle >Mem: 10M Active, 5768K Inact, 9596K Wired, 3428K Cache, 3394K Buf, 488K= Free >Swap: 254M Total, 30M Used, 224M Free, 12% Inuse > >As you can see in the output, my machine is 99.6% idle. If there's >a lot of network activity at the kernel level going on, it is shown >as system or interrupt load. So one can easily see how busy the machine >is, even if there's no user process actively using up CPU cycles. > > >Greetings, > Ripley >-- >H. Eckert, 10777 Berlin, Germany, http://me.in-berlin.de/~nostromo/ >ISO 8859-1: =C4=3DAe, =D6=3DOe, =DC=3DUe, =E4=3Dae, =F6=3Doe, =FC=3Due,= =DF=3Dsz. >"(Technobabbel)" (Jetrel) - "M=FCssen wir uns diesen Schwachsinn wirklich >anh=F6ren?" (Neelix) > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.1.2.20000818172410.00ba9f08>