Date: Fri, 18 Aug 2000 21:32:44 -0400 From: "John" <john@digitalinet.com> To: <freebsd-security@freebsd.org> Subject: Re: [Q] why does my firewall degrade Web performance? Message-ID: <000d01c0097d$603f5860$03030303@john> References: <Pine.BSF.4.10.10008180932120.25370-100000@bsdie.rwsystems.net> <200008171558.JAA23163@nomad.yogotech.com> <Pine.BSF.4.10.10008180932120.25370-100000@bsdie.rwsystems.net> <4.3.1.2.20000818172410.00ba9f08@mail.imag.net>
next in thread | previous in thread | raw e-mail | index | archive | help
As I stated to this issue before. Benchmark your webserver from inside your local network then test it from outiside your local network. This will give you a much better idea of what is happening. ----- Original Message ----- From: "Luke Cowell" <lukec@imag.net> To: <freebsd-security@freebsd.org> Sent: Friday, August 18, 2000 8:38 PM Subject: Re: [Q] why does my firewall degrade Web performance? I had a NAT firewall setup for my wave connection at home. I had some old cable I decided to run through my wall. When all was said and done it did not work as expected. I did see that my interrupt % was very high (90% approx) the culprit was a faulty cable. This may be part of you problem because when you introduced the firewall to the system you would of introduced additional cabling. Luke At 12:57 AM 8/19/2000 +0200, you wrote: >Quoting James Wyatt (jwyatt@rwsystems.net): > > Doesn't load average count the average number of processes waiting on > > (or in) a 'run' state? Don't the ipfw functions get performed by the > > kernel? If so, wouldn't the only rise in load average be from a > > secondary effect on 'coalmine canary' like programs? If you aren't > > running apache or lotsa sendmail or something would loadave even go up > > much under heavy load? > >Well, yes. But look at "top" which monitors active processes: > >last pid: 42568; load averages: 0.11, 0.06, 0.01 up 57+22:27:13 00:44:58 >48 processes: 1 running, 47 sleeping >CPU states: 0.4% user, 0.0% nice, 0.0% system, 0.0% interrupt, 99.6% idle >Mem: 10M Active, 5768K Inact, 9596K Wired, 3428K Cache, 3394K Buf, 488K Free >Swap: 254M Total, 30M Used, 224M Free, 12% Inuse > >As you can see in the output, my machine is 99.6% idle. If there's >a lot of network activity at the kernel level going on, it is shown >as system or interrupt load. So one can easily see how busy the machine >is, even if there's no user process actively using up CPU cycles. > > >Greetings, > Ripley >-- >H. Eckert, 10777 Berlin, Germany, http://me.in-berlin.de/~nostromo/ >ISO 8859-1: Ä=Ae, Ö=Oe, Ü=Ue, ä=ae, ö=oe, ü=ue, ß=sz. >"(Technobabbel)" (Jetrel) - "Müssen wir uns diesen Schwachsinn wirklich >anhören?" (Neelix) > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000d01c0097d$603f5860$03030303>