Date: Sun, 27 May 2001 07:57:45 -0400 From: Normand Leclerc <leclercn@videotron.ca> To: Valentin Nechayev <netch@iv.nn.kiev.ua> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: ip_divert blues (was natd blues) Message-ID: <3B10EBB9.1070707@videotron.ca> References: <3B1059DD.8090505@videotron.ca> <20010527091140.A1554@iv.nn.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
--------------010207000404040705080502
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Hi Valentin,
Okay, I don't know if I can send this info on the newsgroup... I'll
do it anyway as it is small. Sorry for the HTML formatting, I wanted
the output to be as clean as possible...
The tests were done with my 3 usual rules:
- 00050 allow ip from any to any
- 00090 divert 8668 ip from any to any via rl0
- 00100 allow ip from any to any
- 65535 deny ip from any to any (default ... of course)
We see clearly that my system isn't stressed at all. We can even see
that with rule 50, my system gets more interrupts.
SYSTAT WITHOUT RULE 50:
-----------------------
/0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /10
Load Average
/0 /10 /20 /30 /40 /50 /60 /70 /80 /90 /100
cpu user|
nice|
system|X
interrupt|
idle|XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
/0 /10 /20 /30 /40 /50 /60 /70 /80 /90 /100
ad0 MB/s
tps|
ad1 MB/s
tps|
fd0 MB/s
tps|
3 users Load 0.08 0.10 0.06 Sun May 27 07:38
Mem:KB REAL VIRTUAL VN PAGER SWAP PAGER
Tot Share Tot Share Free in out in out
Act 6700 1212 11912 1476 9320 count
All 21324 2224 2344560 3244 pages
Interrupts
Proc:r p d s w Csw Trp Sys Int Sof Flt cow 298 total
10 108 3 366 298 44 2 6728 wire
ata0 irq14
13148 act
ata1 irq15
3.0%Sys 1.9%Intr 0.8%User 0.0%Nice 94.4%Idl 1008 inact 66 rl0
irq10
| | | | | | | | | | 440 cache 4
xl0 irq11
=+> 8880 free
fdc0 irq6
daefr
sio1 irq3
Namei Name-cache Dir-cache prcfr 100
clk irq0
Calls hits % hits % react 128 rtc
irq8
pdwake
zfod pdpgs
Disks ad0 ad1 fd0 ofod intrn
KB/t 128 0.00 0.00 %slo-z 6752 buf
tps 0 0 0 tfree 14 dirtybuf
MB/s 0.02 0.00 0.00 1971 desiredvnodes
% busy 1 0 0 670 numvnodes
307 freevnodes
UPTIME
------
7:42AM up 8:27, 2 users, load averages: 0.01, 0.06, 0.06
SYSTAT WITHOUT RULE 50:
-----------------------
/0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /10
Load Average |
/0 /10 /20 /30 /40 /50 /60 /70 /80 /90 /100
cpu user|
nice|
system|XX
interrupt|XX
idle|XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
/0 /10 /20 /30 /40 /50 /60 /70 /80 /90 /100
ad0 MB/s
tps|
ad1 MB/s
tps|
fd0 MB/s
tps|
3 users Load 0.20 0.12 0.07 Sun May 27 07:39
Mem:KB REAL VIRTUAL VN PAGER SWAP PAGER
Tot Share Tot Share Free in out in out
Act 5852 1148 10532 1476 3712 count
All 29840 2144 2354092 3244 pages
Interrupts
Proc:r p d s w Csw Trp Sys Int Sof Flt cow 530 total
7 206 3 424 530 12 1 7056 wire 2
ata0 irq14
13488 act
ata1 irq15
8.2%Sys 4.3%Intr 0.6%User 0.0%Nice 86.8%Idl 5948 inact 297 rl0
irq10
| | | | | | | | | | 3348 cache 3
xl0 irq11
====++> 364 free
fdc0 irq6
daefr
sio1 irq3
Namei Name-cache Dir-cache prcfr 100
clk irq0
Calls hits % hits % react 128 rtc
irq8
pdwake
zfod pdpgs
Disks ad0 ad1 fd0 ofod intrn
KB/t 128 0.00 0.00 %slo-z 6752 buf
tps 2 0 0 49 tfree 14 dirtybuf
MB/s 0.20 0.00 0.00 1971 desiredvnodes
% busy 6 0 0 670 numvnodes
309 freevnodes
UPTIME:
-------
7:40AM up 8:25, 2 users, load averages: 0.10, 0.11, 0.07
NETSTAT:
--------
Name Mtu Network Address Ipkts Ierrs Ibytes
Opkts Oerrs Obytes Coll
rl0 1500 <Link#1> 00:00:b4:a8:34:19 121332 0 125208002
54838 0 3327570 0
1:0:5e:0:0:1
rl0 1500 24.201.45/24 modemcable238.4 50554 - 54968080
54832 - 2559305 -
ALL-SYSTEMS.MCAST.net
xl0 1500 <Link#2> 00:10:5a:e2:60:c3 32386 0 2406465
48378 0 68497930 8
1:0:5e:0:0:1
xl0 1500 192.168.56/25 neutrino 5498 - 694497
2880 - 461228 -
ALL-SYSTEMS.MCAST.net
xl0 1500 192.168.56/25 ns2 145 - 10091
0 - 0 -
ALL-SYSTEMS.MCAST.net
xl0 1500 192.168.56/25 gw100 0 - 0
0 - 0 -
ALL-SYSTEMS.MCAST.net
lo0 16384 <Link#3> 137 0 22385
137 0 22385 0
lo0 16384 127 localhost 32 - 2139
32 - 2139 -
ALL-SYSTEMS.MCAST.net
Valentin Nechayev wrote:
> Sat, May 26, 2001 at 21:35:25, leclercn (Normand Leclerc) wrote about "ip_divert blues (was natd blues)":
>
>> I recently posted help on a slowdown problem when using natd. I
>> found out that ipfilter (ipnat) is doing the very same thing: slowdown.
>> I trimed down the kernel to almost nothing, I removed a network adapter
>> I didn't need; in brief, I did everything I could think of ... nothing
>> has changed. My cable modem is as slow as an ADSL.
>> I have two rules in my firewall when using natd:
>> - 100 divert natd all from any to any via rl0
>> - 200 pass all from any to any
>> On the nat machine, I start a transfer with my ISP's ftp server to be
>> able to reach maximum transfer speed. I get something like 50k/s. On
>> the fly, I add a third rule: 50 pass all from any to any. Suddently, my
>> transfer rate goes up to nearly 170k/s.
>
>
> You didn't do standard system load meterings. Please tell:
> `uptime' output (LA values),
> `top' output - does natd occupy top position or not; exact WCPU and CPU values;
> `systat -io' output - percents of processor in each mode (idle/user/sys/intr);
> `systat -vm' output - number of interrupts, context switches, syscalls
> per second;
>
> Also try get collisions, input and output errors on interface with netstat.
>
> All these data may help with diagnostics, but without them diagnostics
> is almost impossible.
>
>> The nat machine is a P90 with 32megs of ram. It has a 3com 3B905BTX
>> and a cheaper nic connected to the cable modem (realtek).
>> Ideas? Has the IP divertion become that slow?
>
>
>
> /netch
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
--------------010207000404040705080502
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<html><head></head><body>Hi Valentin,<br>
<br>
Okay, I don't know if I can send this info on the newsgroup... I'll
do it anyway as it is small. Sorry for the HTML formatting, I wanted the
output to be as clean as possible...<br>
<br>
The tests were done with my 3 usual rules:<br>
<br>
- 00050 allow ip from any to any<br>
- 00090 divert 8668 ip from any to any via rl0<br>
- 00100 allow ip from any to any<br>
- 65535 deny ip from any to any (default ... of course)<br>
<br>
We see clearly that my system isn't stressed at all. We can even see that with rule 50, my system gets more interrupts.<br>
<tt><br>
<font size="-1">SYSTAT WITHOUT RULE 50:<br>
-----------------------<br>
<br>
<br>
<br>
/0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /10<br>
Load Average <br>
<br>
/0 /10 /20 /30 /40 /50 /60 /70 /80 /90 /100<br>
cpu user|<br>
nice|<br>
system|X <br>
interrupt|<br>
idle|XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX <br>
<br>
/0 /10 /20 /30 /40 /50 /60 /70 /80 /90 /100<br>
ad0 MB/s <br>
tps| <br>
ad1 MB/s <br>
tps|<br>
fd0 MB/s <br>
tps|<br>
<br>
<br>
<br>
<br>
<br>
3 users Load 0.08 0.10 0.06 Sun May 27 07:38<br>
<br>
Mem:KB REAL VIRTUAL VN PAGER SWAP PAGER<br>
Tot Share Tot Share Free in out in out<br>
Act 6700 1212 11912 1476 9320 count<br>
All 21324 2224 2344560 3244 pages<br>
Interrupts<br>
Proc:r p d s w Csw Trp Sys Int Sof Flt cow 298 total<br>
10 108 3 366 298 44 2 6728 wire ata0 irq14<br>
13148 act ata1 irq15<br>
3.0%Sys 1.9%Intr 0.8%User 0.0%Nice 94.4%Idl 1008 inact 66 rl0 irq10<br>
| | | | | | | | | | 440 cache 4 xl0 irq11<br>
=+> 8880 free fdc0 irq6<br>
daefr sio1 irq3<br>
Namei Name-cache Dir-cache prcfr 100 clk irq0<br>
Calls hits % hits % react 128 rtc irq8<br>
pdwake<br>
zfod pdpgs<br>
Disks ad0 ad1 fd0 ofod intrn<br>
KB/t 128 0.00 0.00 %slo-z 6752 buf<br>
tps 0 0 0 tfree 14 dirtybuf<br>
MB/s 0.02 0.00 0.00 1971 desiredvnodes<br>
% busy 1 0 0 670 numvnodes<br>
307 freevnodes<br>
<br>
<br>
<br>
<br>
<br>
UPTIME<br>
------<br>
<br>
7:42AM up 8:27, 2 users, load averages: 0.01, 0.06, 0.06<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
SYSTAT WITHOUT RULE 50:<br>
-----------------------<br>
<br>
<br>
<br>
/0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /10<br>
Load Average |<br>
<br>
/0 /10 /20 /30 /40 /50 /60 /70 /80 /90 /100<br>
cpu user| <br>
nice|<br>
system|XX<br>
interrupt|XX<br>
idle|XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX <br>
<br>
/0 /10 /20 /30 /40 /50 /60 /70 /80 /90 /100<br>
ad0 MB/s <br>
tps| <br>
ad1 MB/s <br>
tps|<br>
fd0 MB/s <br>
tps|<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
3 users Load 0.20 0.12 0.07 Sun May 27 07:39<br>
<br>
Mem:KB REAL VIRTUAL VN PAGER SWAP PAGER<br>
Tot Share Tot Share Free in out in out<br>
Act 5852 1148 10532 1476 3712 count<br>
All 29840 2144 2354092 3244 pages<br>
Interrupts<br>
Proc:r p d s w Csw Trp Sys Int Sof Flt cow 530 total<br>
7 206 3 424 530 12 1 7056 wire 2 ata0 irq14<br>
13488 act ata1 irq15<br>
8.2%Sys 4.3%Intr 0.6%User 0.0%Nice 86.8%Idl 5948 inact 297 rl0 irq10<br>
| | | | | | | | | | 3348 cache 3 xl0 irq11<br>
====++> 364 free fdc0 irq6<br>
daefr sio1 irq3<br>
Namei Name-cache Dir-cache prcfr 100 clk irq0<br>
Calls hits % hits % react 128 rtc irq8<br>
pdwake<br>
zfod pdpgs<br>
Disks ad0 ad1 fd0 ofod intrn<br>
KB/t 128 0.00 0.00 %slo-z 6752 buf<br>
tps 2 0 0 49 tfree 14 dirtybuf<br>
MB/s 0.20 0.00 0.00 1971 desiredvnodes<br>
% busy 6 0 0 670 numvnodes<br>
309 freevnodes<br>
<br>
<br>
<br>
<br>
<br>
UPTIME:<br>
-------<br>
<br>
7:40AM up 8:25, 2 users, load averages: 0.10, 0.11, 0.07<br>
<br>
<br>
<br>
<br>
NETSTAT:<br>
--------<br>
<br>
Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll<br>
rl0 1500 <Link#1> 00:00:b4:a8:34:19 121332 0 125208002 54838 0 3327570 0<br>
1:0:5e:0:0:1<br>
rl0 1500 24.201.45/24 modemcable238.4 50554 - 54968080 54832 - 2559305 -<br>
ALL-SYSTEMS.MCAST.net<br>
xl0 1500 <Link#2> 00:10:5a:e2:60:c3 32386 0 2406465 48378 0 68497930 8<br>
1:0:5e:0:0:1<br>
xl0 1500 192.168.56/25 neutrino 5498 - 694497 2880 - 461228 -<br>
ALL-SYSTEMS.MCAST.net<br>
xl0 1500 192.168.56/25 ns2 145 - 10091 0 - 0 -<br>
ALL-SYSTEMS.MCAST.net<br>
xl0 1500 192.168.56/25 gw100 0 - 0 0 - 0 -<br>
ALL-SYSTEMS.MCAST.net<br>
lo0 16384 <Link#3> 137 0 22385 137 0 22385 0<br>
lo0 16384 127 localhost 32 - 2139 32 - 2139 -<br>
ALL-SYSTEMS.MCAST.net<br>
<br>
</font></tt><br>
<br>
<br>
Valentin Nechayev wrote:<br>
<blockquote type="cite" cite="mid:20010527091140.A1554@iv.nn.kiev.ua"><pre wrap=""> Sat, May 26, 2001 at 21:35:25, leclercn (Normand Leclerc) wrote about "ip_divert blues (was natd blues)": <br><br></pre>
<blockquote type="cite"><pre wrap=""> I recently posted help on a slowdown problem when using natd. I <br>found out that ipfilter (ipnat) is doing the very same thing: slowdown. <br>I trimed down the kernel to almost nothing, I removed a network adapter <br>I didn't need; in brief, I did everything I could think of ... nothing <br>has changed. My cable modem is as slow as an ADSL.<br> I have two rules in my firewall when using natd:<br> - 100 divert natd all from any to any via rl0<br> - 200 pass all from any to any<br> On the nat machine, I start a transfer with my ISP's ftp server to be <br>able to reach maximum transfer speed. I get something like 50k/s. On <br>the fly, I add a third rule: 50 pass all from any to any. Suddently, my <br>transfer rate goes up to nearly 170k/s.<br></pre></blockquote>
<pre wrap=""><!----><br>You didn't do standard system load meterings. Please tell:<br>`uptime' output (LA values),<br>`top' output - does natd occupy top position or not; exact WCPU and CPU values;<br>`systat -io' output - percents of processor in each mode (idle/user/sys/intr);<br>`systat -vm' output - number of interrupts, context switches, syscalls<br>per second;<br><br>Also try get collisions, input and output errors on interface with netstat.<br><br>All these data may help with diagnostics, but without them diagnostics<br>is almost impossible.<br><br></pre>
<blockquote type="cite"><pre wrap=""> The nat machine is a P90 with 32megs of ram. It has a 3com 3B905BTX <br>and a cheaper nic connected to the cable modem (realtek).<br> Ideas? Has the IP divertion become that slow?<br></pre></blockquote>
<pre wrap=""><!----><br><br>/netch<br><br>To Unsubscribe: send mail to <a class="moz-txt-link-abbreviated" href="mailto:majordomo@FreeBSD.org">majordomo@FreeBSD.org</a><br>with "unsubscribe freebsd-stable" in the body of the message<br></pre>
</blockquote>
<br>
</body></html>
--------------010207000404040705080502--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B10EBB9.1070707>