From owner-freebsd-net@FreeBSD.ORG Mon Jun 30 22:18:25 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C907F1065671 for ; Mon, 30 Jun 2008 22:18:25 +0000 (UTC) (envelope-from steve@ibctech.ca) Received: from ibctech.ca (v6.ibctech.ca [IPv6:2607:f118::b6]) by mx1.freebsd.org (Postfix) with SMTP id 4D2A78FC12 for ; Mon, 30 Jun 2008 22:18:25 +0000 (UTC) (envelope-from steve@ibctech.ca) Received: (qmail 47472 invoked by uid 89); 30 Jun 2008 22:20:00 -0000 Received: from unknown (HELO ?IPv6:2607:f118::5?) (steve@ibctech.ca@2607:f118::5) by 2607:f118::b6 with ESMTPA; 30 Jun 2008 22:19:50 -0000 Message-ID: <48695BA6.7060207@ibctech.ca> Date: Mon, 30 Jun 2008 18:18:14 -0400 From: Steve Bertrand User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) MIME-Version: 1.0 To: Mike Tancsa References: <4867420D.7090406@gtcomm.net> <200806301944.m5UJifJD081781@lava.sentex.ca> In-Reply-To: <200806301944.m5UJifJD081781@lava.sentex.ca> X-Enigmail-Version: 0.95.6 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: FreeBSD Net , Paul Subject: Re: Freebsd IP Forwarding performance (question, and some info) [7-stable, current, em, smp] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jun 2008 22:18:25 -0000 Mike Tancsa wrote: > At 04:04 AM 6/29/2008, Paul wrote: >> This is just a question but who can get more than 400k pps forwarding >> performance ? > > > OK, I setup 2 boxes on either end of a RELENG_7 box from about May 7th > just now, to see with 2 boxes blasting across it how it would work. > *However*, this is with no firewall loaded and, I must enable ip fast > forwarding. Without that enabled, the box just falls over. > > even at 20Kpps, I start seeing all sorts of messages spewing to route -n > monitor > > > got message of size 96 on Mon Jun 30 15:39:10 2008 > RTM_MISS: Lookup failed on this address: len 96, pid: 0, seq 0, errno 0, > flags: > locks: inits: > sockaddrs: > default Mike, Is the monitor running on the 7.0 box in the middle you are testing? I set up the same configuration, and even with almost no load (< 1Kpps) can replicate these error messages by making the remote IP address (in your case 'default', disappear (ie: unplug the cable, DDoS etc). ...to further, I can even replicate the problem at a single packet per second by trying to ping an IP address that I know for fact that the router can not get to. Do you see these error messages if you set up a loopback address with an IP on the router, and effectively chop your test environment in half? In your case, can the router in the middle actually get to a default gateway for external addresses (when I perform the test, your 'default' is substituted with the IP I am trying to reach, so I am only assuming that 'default' is implying default gateway). Steve