Date: Sun, 3 May 2009 13:27:48 -0700 From: Payam Chychi <pchychi@gmail.com> To: Fabian Wenk <fabian@wenks.ch> Cc: freebsd-ipfw@freebsd.org Subject: Re: IPFW MAX RULES COUNT PERFORMANCE Message-ID: <f08c15d10905031327k73fbf459ke9c4486dff09b86a@mail.gmail.com> In-Reply-To: <49FDA98B.6020105@wenks.ch> References: <49F06985.1000303@yan.com.br> <49F08071.1070905@ibctech.ca> <49F1D992.9000001@yan.com.br> <20090425024635.O89549@sola.nimnet.asn.au> <49F5DB12.7080502@yan.com.br> <49FDA98B.6020105@wenks.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, May 3, 2009 at 7:26 AM, Fabian Wenk <fabian@wenks.ch> wrote: > Hello Daniel > > On 27.04.09 18:19, Daniel Dias Gon=E7alves wrote: >> >> What may be happening ? I'm with polling enabled on all interfaces, can >> you influence ? > >> If I disable the polling, no network interface work, begins to display >> "em4 watchdog timeout". > > If you are using polling on the Ethernet interfaces you need to increase = the > HZ to around 2000 - 5000 (more details in the polling(4) manpage). Set it > either in the /boot/loder.conf with "kern.hz=3D5000" and reboot or in the > kernel config with "options HZ=3D5000" and rebuild kernel and reboot. > > > bye > Fabian > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > what i never understood is why run acl and accounting on the same box and kill your network? run one box for acl building and another on a span (monitor port) to do accounting on the site. For your span port, do both RX/TX so you can see bi-directional and since this is done on the network layer, you will not have as much latency... maybe 10%, if even that. --=20 Payam Tarverdyan Chychi Network Security Specialist / Network Engineer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f08c15d10905031327k73fbf459ke9c4486dff09b86a>