From owner-freebsd-stable Sun May 27 5: 7:41 2001 Delivered-To: freebsd-stable@freebsd.org Received: from VL-MS-MR003.sc1.videotron.ca (relais.videotron.ca [24.201.245.36]) by hub.freebsd.org (Postfix) with ESMTP id 4FFB337B423 for ; Sun, 27 May 2001 05:07:13 -0700 (PDT) (envelope-from leclercn@videotron.ca) Received: from atom.quanta.ca ([24.201.45.238]) by VL-MS-MR003.sc1.videotron.ca (Netscape Messaging Server 4.15) with ESMTP id GDZTNZ00.KLC; Sun, 27 May 2001 08:07:11 -0400 Received: from videotron.ca ([192.168.56.40]) by atom.quanta.ca (8.12.0.Beta7/8.12.0.Beta7) with ESMTP id f4RBvmUv000451; Sun, 27 May 2001 07:57:58 -0400 (EDT) Message-ID: <3B10EBB9.1070707@videotron.ca> Date: Sun, 27 May 2001 07:57:45 -0400 From: Normand Leclerc User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; m18) Gecko/20010131 Netscape6/6.01 X-Accept-Language: en MIME-Version: 1.0 To: Valentin Nechayev Cc: freebsd-stable@FreeBSD.ORG Subject: Re: ip_divert blues (was natd blues) References: <3B1059DD.8090505@videotron.ca> <20010527091140.A1554@iv.nn.kiev.ua> Content-Type: multipart/alternative; boundary="------------010207000404040705080502" Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --------------010207000404040705080502 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Hi Valentin, Okay, I don't know if I can send this info on the newsgroup... I'll do it anyway as it is small. Sorry for the HTML formatting, I wanted the output to be as clean as possible... The tests were done with my 3 usual rules: - 00050 allow ip from any to any - 00090 divert 8668 ip from any to any via rl0 - 00100 allow ip from any to any - 65535 deny ip from any to any (default ... of course) We see clearly that my system isn't stressed at all. We can even see that with rule 50, my system gets more interrupts. SYSTAT WITHOUT RULE 50: ----------------------- /0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /10 Load Average /0 /10 /20 /30 /40 /50 /60 /70 /80 /90 /100 cpu user| nice| system|X interrupt| idle|XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX /0 /10 /20 /30 /40 /50 /60 /70 /80 /90 /100 ad0 MB/s tps| ad1 MB/s tps| fd0 MB/s tps| 3 users Load 0.08 0.10 0.06 Sun May 27 07:38 Mem:KB REAL VIRTUAL VN PAGER SWAP PAGER Tot Share Tot Share Free in out in out Act 6700 1212 11912 1476 9320 count All 21324 2224 2344560 3244 pages Interrupts Proc:r p d s w Csw Trp Sys Int Sof Flt cow 298 total 10 108 3 366 298 44 2 6728 wire ata0 irq14 13148 act ata1 irq15 3.0%Sys 1.9%Intr 0.8%User 0.0%Nice 94.4%Idl 1008 inact 66 rl0 irq10 | | | | | | | | | | 440 cache 4 xl0 irq11 =+> 8880 free fdc0 irq6 daefr sio1 irq3 Namei Name-cache Dir-cache prcfr 100 clk irq0 Calls hits % hits % react 128 rtc irq8 pdwake zfod pdpgs Disks ad0 ad1 fd0 ofod intrn KB/t 128 0.00 0.00 %slo-z 6752 buf tps 0 0 0 tfree 14 dirtybuf MB/s 0.02 0.00 0.00 1971 desiredvnodes % busy 1 0 0 670 numvnodes 307 freevnodes UPTIME ------ 7:42AM up 8:27, 2 users, load averages: 0.01, 0.06, 0.06 SYSTAT WITHOUT RULE 50: ----------------------- /0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /10 Load Average | /0 /10 /20 /30 /40 /50 /60 /70 /80 /90 /100 cpu user| nice| system|XX interrupt|XX idle|XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX /0 /10 /20 /30 /40 /50 /60 /70 /80 /90 /100 ad0 MB/s tps| ad1 MB/s tps| fd0 MB/s tps| 3 users Load 0.20 0.12 0.07 Sun May 27 07:39 Mem:KB REAL VIRTUAL VN PAGER SWAP PAGER Tot Share Tot Share Free in out in out Act 5852 1148 10532 1476 3712 count All 29840 2144 2354092 3244 pages Interrupts Proc:r p d s w Csw Trp Sys Int Sof Flt cow 530 total 7 206 3 424 530 12 1 7056 wire 2 ata0 irq14 13488 act ata1 irq15 8.2%Sys 4.3%Intr 0.6%User 0.0%Nice 86.8%Idl 5948 inact 297 rl0 irq10 | | | | | | | | | | 3348 cache 3 xl0 irq11 ====++> 364 free fdc0 irq6 daefr sio1 irq3 Namei Name-cache Dir-cache prcfr 100 clk irq0 Calls hits % hits % react 128 rtc irq8 pdwake zfod pdpgs Disks ad0 ad1 fd0 ofod intrn KB/t 128 0.00 0.00 %slo-z 6752 buf tps 2 0 0 49 tfree 14 dirtybuf MB/s 0.20 0.00 0.00 1971 desiredvnodes % busy 6 0 0 670 numvnodes 309 freevnodes UPTIME: ------- 7:40AM up 8:25, 2 users, load averages: 0.10, 0.11, 0.07 NETSTAT: -------- Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll rl0 1500 00:00:b4:a8:34:19 121332 0 125208002 54838 0 3327570 0 1:0:5e:0:0:1 rl0 1500 24.201.45/24 modemcable238.4 50554 - 54968080 54832 - 2559305 - ALL-SYSTEMS.MCAST.net xl0 1500 00:10:5a:e2:60:c3 32386 0 2406465 48378 0 68497930 8 1:0:5e:0:0:1 xl0 1500 192.168.56/25 neutrino 5498 - 694497 2880 - 461228 - ALL-SYSTEMS.MCAST.net xl0 1500 192.168.56/25 ns2 145 - 10091 0 - 0 - ALL-SYSTEMS.MCAST.net xl0 1500 192.168.56/25 gw100 0 - 0 0 - 0 - ALL-SYSTEMS.MCAST.net lo0 16384 137 0 22385 137 0 22385 0 lo0 16384 127 localhost 32 - 2139 32 - 2139 - ALL-SYSTEMS.MCAST.net Valentin Nechayev wrote: > Sat, May 26, 2001 at 21:35:25, leclercn (Normand Leclerc) wrote about "ip_divert blues (was natd blues)": > >> I recently posted help on a slowdown problem when using natd. I >> found out that ipfilter (ipnat) is doing the very same thing: slowdown. >> I trimed down the kernel to almost nothing, I removed a network adapter >> I didn't need; in brief, I did everything I could think of ... nothing >> has changed. My cable modem is as slow as an ADSL. >> I have two rules in my firewall when using natd: >> - 100 divert natd all from any to any via rl0 >> - 200 pass all from any to any >> On the nat machine, I start a transfer with my ISP's ftp server to be >> able to reach maximum transfer speed. I get something like 50k/s. On >> the fly, I add a third rule: 50 pass all from any to any. Suddently, my >> transfer rate goes up to nearly 170k/s. > > > You didn't do standard system load meterings. Please tell: > `uptime' output (LA values), > `top' output - does natd occupy top position or not; exact WCPU and CPU values; > `systat -io' output - percents of processor in each mode (idle/user/sys/intr); > `systat -vm' output - number of interrupts, context switches, syscalls > per second; > > Also try get collisions, input and output errors on interface with netstat. > > All these data may help with diagnostics, but without them diagnostics > is almost impossible. > >> The nat machine is a P90 with 32megs of ram. It has a 3com 3B905BTX >> and a cheaper nic connected to the cable modem (realtek). >> Ideas? Has the IP divertion become that slow? > > > > /netch > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message --------------010207000404040705080502 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Hi Valentin,

   Okay, I don't know if I can send this info on the newsgroup...  I'll do it anyway as it is small.  Sorry for the HTML formatting, I wanted the output to be as clean as possible...

   The tests were done with my 3 usual rules:

       - 00050 allow ip from any to any
       - 00090 divert 8668 ip from any to any via rl0
       - 00100 allow ip from any to any
       - 65535 deny ip from any to any    (default ... of course)

   We see clearly that my system isn't stressed at all.  We can even see that with rule 50, my system gets more interrupts.

SYSTAT WITHOUT RULE 50:
-----------------------



                   /0   /1   /2   /3   /4   /5   /6   /7   /8   /9   /10
    Load Average  

         /0   /10  /20  /30  /40  /50  /60  /70  /80  /90  /100
cpu  user|
    nice|
  system|X
interrupt|
    idle|XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

         /0   /10  /20  /30  /40  /50  /60  /70  /80  /90  /100
ad0   MB/s
     tps|
ad1   MB/s
     tps|
fd0   MB/s
     tps|





   3 users    Load  0.08  0.10  0.06                  Sun May 27 07:38

Mem:KB    REAL            VIRTUAL                     VN PAGER  SWAP PAGER
       Tot   Share      Tot    Share    Free         in  out     in  out
Act    6700    1212    11912     1476    9320 count
All   21324    2224  2344560     3244         pages
                                                                Interrupts
Proc:r  p  d  s  w    Csw  Trp  Sys  Int  Sof  Flt        cow     298 total
            10       108    3  366  298   44    2   6728 wire        ata0 irq14
                                                   13148 act         ata1 irq15
3.0%Sys   1.9%Intr  0.8%User  0.0%Nice 94.4%Idl     1008 inact    66 rl0 irq10
|    |    |    |    |    |    |    |    |    |        440 cache     4 xl0 irq11
=+>                                                  8880 free        fdc0 irq6
                                                         daefr       sio1 irq3
Namei         Name-cache    Dir-cache                     prcfr   100 clk irq0
   Calls     hits    %     hits    %                     react   128 rtc irq8
                                                         pdwake
                                         zfod            pdpgs
Disks   ad0   ad1   fd0                   ofod            intrn
KB/t    128  0.00  0.00                   %slo-z     6752 buf
tps       0     0     0                   tfree        14 dirtybuf
MB/s   0.02  0.00  0.00                              1971 desiredvnodes
% busy    1     0     0                               670 numvnodes
                                                     307 freevnodes





UPTIME
------

7:42AM  up  8:27, 2 users, load averages: 0.01, 0.06, 0.06









SYSTAT WITHOUT RULE 50:
-----------------------



                   /0   /1   /2   /3   /4   /5   /6   /7   /8   /9   /10
    Load Average   |

         /0   /10  /20  /30  /40  /50  /60  /70  /80  /90  /100
cpu  user| 
    nice|
  system|XX
interrupt|XX
    idle|XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX   

         /0   /10  /20  /30  /40  /50  /60  /70  /80  /90  /100
ad0   MB/s
     tps|
ad1   MB/s
     tps|
fd0   MB/s
     tps|







   3 users    Load  0.20  0.12  0.07                  Sun May 27 07:39

Mem:KB    REAL            VIRTUAL                     VN PAGER  SWAP PAGER
       Tot   Share      Tot    Share    Free         in  out     in  out
Act    5852    1148    10532     1476    3712 count
All   29840    2144  2354092     3244         pages
                                                                Interrupts
Proc:r  p  d  s  w    Csw  Trp  Sys  Int  Sof  Flt        cow     530 total
             7       206    3  424  530   12    1   7056 wire      2 ata0 irq14
                                                   13488 act         ata1 irq15
8.2%Sys   4.3%Intr  0.6%User  0.0%Nice 86.8%Idl     5948 inact   297 rl0 irq10
|    |    |    |    |    |    |    |    |    |       3348 cache     3 xl0 irq11
====++>                                               364 free        fdc0 irq6
                                                         daefr       sio1 irq3
Namei         Name-cache    Dir-cache                     prcfr   100 clk irq0
   Calls     hits    %     hits    %                     react   128 rtc irq8
                                                         pdwake
                                         zfod            pdpgs
Disks   ad0   ad1   fd0                   ofod            intrn
KB/t    128  0.00  0.00                   %slo-z     6752 buf
tps       2     0     0                49 tfree        14 dirtybuf
MB/s   0.20  0.00  0.00                              1971 desiredvnodes
% busy    6     0     0                               670 numvnodes
                                                     309 freevnodes





UPTIME:
-------

7:40AM  up  8:25, 2 users, load averages: 0.10, 0.11, 0.07




NETSTAT:
--------

Name  Mtu   Network       Address            Ipkts Ierrs     Ibytes    Opkts Oerrs     Obytes  Coll
rl0   1500  <Link#1>    00:00:b4:a8:34:19   121332     0  125208002    54838     0    3327570     0
                       1:0:5e:0:0:1
rl0   1500  24.201.45/24  modemcable238.4    50554     -   54968080    54832     -    2559305     -
                       ALL-SYSTEMS.MCAST.net
xl0   1500  <Link#2>    00:10:5a:e2:60:c3    32386     0    2406465    48378     0   68497930     8
                       1:0:5e:0:0:1
xl0   1500  192.168.56/25 neutrino            5498     -     694497     2880     -     461228     -
                       ALL-SYSTEMS.MCAST.net
xl0   1500  192.168.56/25 ns2                  145     -      10091        0     -          0     -
                       ALL-SYSTEMS.MCAST.net
xl0   1500  192.168.56/25 gw100                  0     -          0        0     -          0     -
                       ALL-SYSTEMS.MCAST.net
lo0   16384 <Link#3>                           137     0      22385      137     0      22385     0
lo0   16384 127           localhost             32     -       2139       32     -       2139     -
                       ALL-SYSTEMS.MCAST.net




Valentin Nechayev wrote:
 Sat, May 26, 2001 at 21:35:25, leclercn (Normand Leclerc) wrote about "ip_divert blues (was natd blues)": 

     I recently posted help on a slowdown problem when using natd.  I 
found out that ipfilter (ipnat) is doing the very same thing: slowdown.  
I trimed down the kernel to almost nothing, I removed a network adapter 
I didn't need; in brief, I did everything I could think of ...  nothing 
has changed.  My cable modem is as slow as an ADSL.
   I have two rules in my firewall when using natd:
       - 100 divert natd all from any to any via rl0
       - 200 pass all from any to any
   On the nat machine, I start a transfer with my ISP's ftp server to be 
able to reach maximum transfer speed.  I get something like 50k/s.  On 
the fly, I add a third rule: 50 pass all from any to any.  Suddently, my 
transfer rate goes up to nearly 170k/s.

You didn't do standard system load meterings. Please tell:
`uptime' output (LA values),
`top' output - does natd occupy top position or not; exact WCPU and CPU values;
`systat -io' output - percents of processor in each mode (idle/user/sys/intr);
`systat -vm' output - number of interrupts, context switches, syscalls
per second;

Also try get collisions, input and output errors on interface with netstat.

All these data may help with diagnostics, but without them diagnostics
is almost impossible.

   The nat machine is a P90 with 32megs of ram.  It has a 3com 3B905BTX 
and a cheaper nic connected to the cable modem (realtek).
   Ideas?  Has the IP divertion become that slow?


/netch

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

--------------010207000404040705080502-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message