Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 31 Jan 2013 07:03:20 -0800
From:      Matthew Luckie <mjl@luckie.org.nz>
To:        "Eggert, Lars" <lars@netapp.com>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: high cpu usage on natd / dhcpd
Message-ID:  <510A87B8.7000705@luckie.org.nz>
In-Reply-To: <D4D47BCFFE5A004F95D707546AC0D7E91F6B79D2@SACEXCMBX01-PRD.hq.netapp.com>
References:  <D4D47BCFFE5A004F95D707546AC0D7E91F6B79D2@SACEXCMBX01-PRD.hq.netapp.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigF45E47D05C07D33B9E22062D
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 01/31/13 00:45, Eggert, Lars wrote:
> Hi,
>=20
>> I have a small system running FreeBSD 8.2 that does NAT using ipfw and=
=20
>> natd to systems attached to two interfaces: em0 and wlan0.  I have a=20
>> dhcpd daemon issuing leases on those interfaces.  The system has an em=
1=20
>> interface plugged into a cable modem where it obtains a DHCP lease fro=
m=20
>> an ISP.
>>
>> For some reason, when traffic from the Internet terminates on the syst=
em=20
>> itself (I scp a file from the computer) the natd and dhcpd processes=20
>> consume significant CPU, and the throughput is less than I expect.=20
>> Traffic that passes through to a computer behind the NAT flows without=
=20
>> causing the natd or dhcpd processes to measurably consume CPU.
>=20
> I see exactly the same issue on -STABLE. Have you been able to figure o=
ut the cause?

sudo ipfw list
00501 allow ip from any to any via lo0
00502 allow ip from any to any via em0
00503 allow ip from any to any via wlan0
00504 allow ip from any to any via vr0
00505 allow ip from any to any via gif0
00506 allow ip from any to any via tun0
00510 allow ip from me to not me out via em1
00550 divert 8668 ip from any to any via em1

Rule 510 fixes it.


--------------enigF45E47D05C07D33B9E22062D
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAlEKh7wACgkQKyuDKSEQAGCduwCgsVw26i3syBMI1M85VjFNHOUs
wmEAn21nX7S/Ox9SlMGOGyLU0RKQ0qTX
=BTaf
-----END PGP SIGNATURE-----

--------------enigF45E47D05C07D33B9E22062D--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?510A87B8.7000705>