From: Payam Chychi
To: Fabian Wenk
Cc: freebsd-ipfw@freebsd.org
Date: Sun, 3 May 2009 13:27:48 -0700
Subject: Re: IPFW MAX RULES COUNT PERFORMANCE

On Sun, May 3, 2009 at 7:26 AM, Fabian Wenk wrote:
> Hello Daniel
>
> On 27.04.09 18:19, Daniel Dias Gonçalves wrote:
>>
>> What may be happening? I'm with polling enabled on all interfaces, can
>> you influence?
>
>> If I disable the polling, no network interface work, begins to display
>> "em4 watchdog timeout".
>
> If you are using polling on the Ethernet interfaces you need to increase the
> HZ to around 2000 - 5000 (more details in the polling(4) manpage). Set it
> either in the /boot/loader.conf with "kern.hz=5000" and reboot or in the
> kernel config with "options HZ=5000" and rebuild kernel and reboot.
>
>
> bye
> Fabian
>

What I never understood is why run ACL and accounting on the same box
and kill your network? Run one box for ACL building and another on a
SPAN (monitor port) to do accounting on the site. For your SPAN port, do
both RX/TX so you can see bi-directional, and since this is done on the
network layer, you will not have as much latency... maybe 10%, if even
that.

--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer