Date: Thu, 12 May 2005 14:35:24 -0400 From: Christopher McGee <chris@xecu.net> To: Chris Dionissopoulos <dionch@freemail.gr> Cc: freebsd-pf@freebsd.org Subject: Re: Pf in 4.11 Message-ID: <4283A1EC.7080002@xecu.net> In-Reply-To: <00b401c5571e$b0f46810$0100000a@R3B> References: <42838344.4050608@xecu.net> <428384A1.80608@thekeelecentre.com> <42838FA8.9080704@xecu.net> <00b401c5571e$b0f46810$0100000a@R3B>
next in thread | previous in thread | raw e-mail | index | archive | help
Chris Dionissopoulos wrote:
> My 2 cents:
>
> 1. 5000 qlimit packets is a HUGE value:
> This means, that your buffer is 5000 x 1000( avg. mtu) = 5mbytes.
> For 20Mbps queue-speed, it takes 32000 ms (32sec) to fill and then
> letting altq decide for adding or not (0.1-500 ms) delays.
> Doesn't makes sense, eh?
> Try a more reasonable value of 50 for speeds 10-100MBps.
>
> 2.Try enabling red (or rio) in "queue1". This early detects "queue1"
> congestion and drops packets before queue rate limit reached.
>
>
> Tell us, if you have a better 'queue0' behavior with these changes.
>
> Chris.
>
>>
>> When queue1 starts pushing it's maximum bandwidth, queue0(the
>> default) seems to choke and services become unavailable from the
>> outside. I cut back queue1 by about 7 mbit/s and it has cleared it
>> up for the most part. Not completely though. Here's what I think is
>> the relevant info, let me know if you need anything else:
>>
>> The box:
>> CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz (1999.78-MHz 686-class CPU)
>> real memory = 1071906816 (1022 MB)
>> avail memory = 1039392768 (991 MB)
>> fxp0-6, only 0, and 1 are being used, the others are for future
>> projects, like pfsync, and some dmz type stuff.
>>
>> pf configuration:
>> set limit { states 100000, frags 5000 }
>> set loginterface $ext_if
>> set block-policy drop
>> all other options are default
>>
>> queue configuration:
>> altq on $ext_if bandwidth 25Mb cbq queue { queue0, queue1 }
>> queue queue0 bandwidth 8Mb priority 4 qlimit 150 cbq(default, borrow)
>> queue queue1 bandwidth 12Mb qlimit 5000
>> the additional bandwidth that is not included in the queues should be
>> added to queue1 but when that is done, it causes problems. At high
>> traffic times, queue will use ALL of its bandwidth and queue0 usually
>> only uses 3-5megs.
>>
>> There is no nat or anything running on this firewall. Public IP
>> addresses outside and inside. I would rather not revert to 4.x if
>> possible but I can't have this machine unstable.
>>
>> Thanks,
>> Chris
>>
>> _______________________________________________
>> freebsd-pf@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>
>
> ____________________________________________________________________
> http://www.freemail.gr - δωρεάν υπηρεσία ηλεκτρονικού ταχυδρομείου.
> http://www.freemail.gr - free email service for the Greek-speaking.
The reason the queue size was changed was because the queue was getting
filled very quickly and there were TONS of dropped packets. I will try
RED and see if it gives me better results. I'll let you know.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4283A1EC.7080002>