From owner-freebsd-stable@FreeBSD.ORG Wed Apr 26 13:26:50 2006 Return-Path: X-Original-To: stable@freebsd.org Delivered-To: freebsd-stable@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D9AF116A40A for ; Wed, 26 Apr 2006 13:26:50 +0000 (UTC) (envelope-from Stephen.Clark@seclark.us) Received: from smtpout06-04.prod.mesa1.secureserver.net (smtpout06-01.prod.mesa1.secureserver.net [64.202.165.224]) by mx1.FreeBSD.org (Postfix) with SMTP id D46D243D45 for ; Wed, 26 Apr 2006 13:26:38 +0000 (GMT) (envelope-from Stephen.Clark@seclark.us) Received: (qmail 17291 invoked from network); 26 Apr 2006 13:26:37 -0000 Received: from unknown (24.144.77.138) by smtpout06-04.prod.mesa1.secureserver.net (64.202.165.227) with ESMTP; 26 Apr 2006 13:26:37 -0000 Message-ID: <444F750C.7070206@seclark.us> Date: Wed, 26 Apr 2006 09:26:36 -0400 From: Stephen Clark User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.16-22smp i686; en-US; m18) Gecko/20010110 Netscape6/6.5 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Mike Tancsa References: <444E2503.9090506@seclark.us> <6.2.3.4.0.20060425093417.068dfc08@64.7.153.2> <444E5608.4050704@seclark.us> <6.2.3.4.0.20060425134955.051d58d0@64.7.153.2> In-Reply-To: <6.2.3.4.0.20060425134955.051d58d0@64.7.153.2> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: stable@freebsd.org Subject: Re: Freebsd Stable 6.x ipsec slower than with 4.9 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Stephen.Clark@seclark.us List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Apr 2006 13:26:50 -0000 Mike Tancsa wrote: >At 01:02 PM 25/04/2006, Stephen Clark wrote: > > > >>>Try first >>>sysctl -w net.inet.tcp.inflight.enable=0 >>> >>>If its still slower, try using FAST_IPSEC instead on the >>>server. However, make sure you disable INET6 >>> >>> >>That increased it to 39mbits/sec. Still far from 54mbits/sec >> >> > >Are all of the TCP params (compare sysctl -a net.inet.tcp on both >)and application defaults still the same on both systems ? One that >that for sure is not in RELENG_4 is SACK. Try disabling that and see >if there is a difference. > > ---Mike > > > > I checked the sysctl's between the two system and where the match they are the same. The raw transfer rate ~94mbits/sec is the same as I was getting between the systems when they were both 4.9. The real difference appears to be in ipsec. The other thing that is interesting is the idle time when I am running this test on the 6.x system is about 70% when it was a 4.9 system getting 54mbits/sec the idle time was only 50-55%. I am reluctant to try fast ipsec because of problems I had when I tried it under 4.9, it didn't work with our existing sites. Steve -- "They that give up essential liberty to obtain temporary safety, deserve neither liberty nor safety." (Ben Franklin) "The course of history shows that as a government grows, liberty decreases." (Thomas Jefferson)