From: Justin Robertson
Date: Thu, 15 Feb 2007 13:29:53 -0800
To: freebsd-performance@freebsd.org
Subject: Re: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues

Send a flood of 60-byte SYN packets with the TCP SACK option through it and check out what happens. It's pretty weird and I can't explain why.

If you block the packets on the box via ipfw it's fine; the second it has to make a routing decision everything goes out the window, it seems. There's 100% packet loss on all protocols. I'm not using NAT; there are real IPs in different C classes on the other side of the box.

Freddie Cash wrote:
> On Thursday 15 February 2007 11:43 am, Justin Robertson wrote:
>
>> Playing with these sysctl values made 0 difference - what's supposed
>> to happen???
>>
>> Another scary discovery - if you've got 6.2 set up to route, even with
>> static routes, 1Mbps of TCP SYN traffic will cause it to start dropping
>> packets in every direction. Awesome. Methinks I'll be using 4.11 for a
>> while. ;P
>>
>
> How are you measuring that?
>
> We have a dual-Opteron 2 GHz box with 4 GB RAM that handles routing for 7
> fibre-connected sites (1 Gbps fibre links but limited by the firewalls at
> the sites to 100 Mbps) and connects to the Internet via a 1 Gbps link.
>
> All the routing on this box is handled via static routes, and we get a
> sustained 10 Mbps of traffic through the box. Nobody's complained about
> their access (which isn't surprising since we upgraded their Internet
> connections from a 2 Mbps shared cable connection to a dedicated 1 Gbps
> fibre link).
>
> FreeBSD 6.1-p11, about 100 ipfw rules, doing NAT for 4 servers, using 2x
> bge(4) devices and 1x fxp(4) device.
>
> --

Justin