From owner-freebsd-performance@FreeBSD.ORG Thu Feb 15 20:39:52 2007 Return-Path: X-Original-To: freebsd-performance@freebsd.org Delivered-To: freebsd-performance@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3C89D16A400 for ; Thu, 15 Feb 2007 20:39:52 +0000 (UTC) (envelope-from fcash@ocis.net) Received: from smtp.sd73.bc.ca (smtp.sd73.bc.ca [142.24.13.140]) by mx1.freebsd.org (Postfix) with ESMTP id 1C4C013C441 for ; Thu, 15 Feb 2007 20:39:52 +0000 (UTC) (envelope-from fcash@ocis.net) Received: from localhost (localhost [127.0.0.1]) by localhost.sd73.bc.ca (Postfix) with ESMTP id 848B61A000B14 for ; Thu, 15 Feb 2007 12:11:56 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at smtp.sd73.bc.ca Received: from smtp.sd73.bc.ca ([127.0.0.1]) by localhost (smtp.sd73.bc.ca [127.0.0.1]) (amavisd-new, port 10024) with LMTP id D2aMP9MZ+A8D for ; Thu, 15 Feb 2007 12:11:46 -0800 (PST) Received: from coal (s10.sbo [192.168.0.10]) by smtp.sd73.bc.ca (Postfix) with ESMTP id 19DD11A000B0F for ; Thu, 15 Feb 2007 12:11:46 -0800 (PST) From: Freddie Cash To: freebsd-performance@freebsd.org Date: Thu, 15 Feb 2007 12:11:44 -0800 User-Agent: KMail/1.9.5 References: <20070207120426.CDEFC16A407@hub.freebsd.org> <45D19104.5010902@sk1llz.net> <45D4B7F0.20901@sk1llz.net> In-Reply-To: <45D4B7F0.20901@sk1llz.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200702151211.45177.fcash@ocis.net> Subject: Re: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues X-BeenThere: freebsd-performance@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Performance/tuning List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Feb 2007 20:39:52 -0000 On Thursday 15 February 2007 11:43 am, Justin Robertson wrote: > Playing with these sysctl values made 0 difference - what's supposed > to happen??? > > Another scary discovery - if you've got 6.2 setup to route, even with > static routes, 1Mbps of TCP SYN traffic will cause it to start dropping > packets in every direction. Awesome. Methinks I'll be using 4.11 for a > while. ;P How are you measuring that? We have a dual-Opteron 2 GHz box with 4 GB RAM that handles routing for 7 fibre-connected sites (1 Gbps fibre links but limited by the firewalls at the sites to 100 Mbps) and connects to the Internet via a 1 Gbps link. All the routing on this box is handled via static routes, and we get a sustained 10 Mbps of traffic through the box. Nobody's complained about their access (which isn't surprising since we upgraded their Internet connections from a 2 Mbps shared cable connection to a dedicated 1 Gbps fibre link). FreeBSD 6.1-p11, about 100 ipfw rules, doing NAT for 4 servers, using 2x bge(4) devices and 1x fxp(4) device. -- Freddie Cash fcash@ocis.net