From owner-freebsd-performance@FreeBSD.ORG  Wed Sep 29 22:44:55 2010
Return-Path: <owner-freebsd-performance@FreeBSD.ORG>
Delivered-To: freebsd-performance@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D5EFB106566C
	for <freebsd-performance@freebsd.org>;
	Wed, 29 Sep 2010 22:44:55 +0000 (UTC)
	(envelope-from korvus@comcast.net)
Received: from qmta04.westchester.pa.mail.comcast.net
	(qmta04.westchester.pa.mail.comcast.net [76.96.62.40])
	by mx1.freebsd.org (Postfix) with ESMTP id 9708D8FC13
	for <freebsd-performance@freebsd.org>;
	Wed, 29 Sep 2010 22:44:55 +0000 (UTC)
Received: from omta06.westchester.pa.mail.comcast.net ([76.96.62.51])
	by qmta04.westchester.pa.mail.comcast.net with comcast
	id CmV41f00316LCl054mXhxu; Wed, 29 Sep 2010 22:31:41 +0000
Received: from [10.0.0.51] ([71.199.122.142])
	by omta06.westchester.pa.mail.comcast.net with comcast
	id CmXg1f00B34Sj4f3SmXgvf; Wed, 29 Sep 2010 22:31:40 +0000
Message-ID: <4CA3BE61.7020702@comcast.net>
Date: Wed, 29 Sep 2010 18:32:01 -0400
From: Steve Polyack <korvus@comcast.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB;
	rv:1.9.2.9) Gecko/20100915 Lightning/1.0b2 Thunderbird/3.1.4
MIME-Version: 1.0
To: =?ISO-8859-1?Q?Samuel_Mart=EDn_Moro?= <faust64@gmail.com>
References: <AANLkTim1XueAwOgjoKXiFh_epcx8m12mzgD+pNoR5y_u@mail.gmail.com>
In-Reply-To: <AANLkTim1XueAwOgjoKXiFh_epcx8m12mzgD+pNoR5y_u@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Cc: freebsd-performance@freebsd.org
Subject: Re: freebsd router
X-BeenThere: freebsd-performance@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Performance/tuning <freebsd-performance.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-performance>,
	<mailto:freebsd-performance-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-performance>
List-Post: <mailto:freebsd-performance@freebsd.org>
List-Help: <mailto:freebsd-performance-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-performance>,
	<mailto:freebsd-performance-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Sep 2010 22:44:56 -0000

  On 9/29/2010 4:44 PM, Samuel Martín Moro wrote:
> Hi,
>
>
> I'm trying to replace my (dying) gateway with a qnap ts-509 (1G DDR, celeron
> m420 1.6Ghzs).
> I'm using mfsBSD, based on FreeBSD-RELEASE-8.1 amd64.
> It's almost ready (zfs, nfs, dns, pf, ...), I'm checking everything's OK to
> swap the gate.
>
>
> I noticed that opening a new connection to distant or local computer is
> (very) slow.
> After that, everything works perfectly fine.
> So I had a look at sysctl, and tried to fix that problem.
>
> Now, when I start a ping on a client from my network (disabled on the gate),
> I have something like that:
> faust@alpha ~ : time ping -c 4 google.com
> PING google.com (66.249.92.104) 56(84) bytes of data.
> 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=1 ttl=53
> time=7.12 ms
> 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=2 ttl=53
> time=7.32 ms
> 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=3 ttl=53
> time=7.18 ms
> 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=4 ttl=53
> time=7.18 ms
>
> --- google.com ping statistics ---
> 4 packets transmitted, 4 received, 0% packet loss, time 15034ms
> rtt min/avg/max/mdev = 7.126/7.205/7.329/0.128 ms
> 0.000u 0.000s 0:25.08 0.0% 0+0k 0+0io 0pf+0w
>
>
> So, it takes 5 seconds to display the first line (connect), and then 5
> second per ping.
> 25 seconds, for 4 pings...
> Obviously, my tries doesn't make it work any better...
>
Are you certain this isn't an issue with your DNS resolver(s) listed in 
/etc/resolv.conf?  How do things change if you try 'ping -n 66.249.92.104'?

Steve
> I found some infos
> here<http://people.freebsd.org/~hmp/utilities/satbl/sysctl-net.html>
> , here<http://www.freebsd.org/doc/handbook/configtuning-kernel-limits.html>
> , there<http://silverwraith.com/papers/freebsd-ddos.php>  and
> there<http://www.freebsdblog.org/52/sysctlconf-sample/>
> But I'm still not sure about the tuning implications for most of those vars.
>
>
>
> Here is my sysctl.conf:
> kern.coredump=0
> kern.ipc.somaxconn=4096
>
> net.inet.ip.check_interface=1
> net.inet.ip.fastforwarding=1
> net.inet.ip.forwarding=1
> net.inet.ip.portrange.first=1024
> net.inet.ip.portrange.last=65535
> net.inet.ip.rtexpire=2
> net.inet.ip.rtmaxcache=256
> net.inet.ip.rtminexpire=2
> net.inet.ip.ttl=42
>
> net.inet.udp.blackhole=1
> net.inet.tcp.blackhole=2
> net.inet.tcp.delacktime=42
> net.inet.tcp.delayed_ack=0
> net.inet.tcp.drop_synfin=1
> net.inet.tcp.fast_finwait2_recycle=1
> net.inet.tcp.icmp_may_rst=0
> net.inet.icmp.icmplim=42
> net.inet.tcp.ecn.enable=1
> net.inet.tcp.msl=5000
> net.inet.tcp.rfc1323=0
>
> net.inet.tcp.inflight.enable=1
> net.inet.tcp.inflight.max=1073725440
> net.inet.tcp.inflight.stab=20
> net.inet.tcp.inflight.min=1024
>
> net.inet.tcp.recvspace=82320
> net.inet.tcp.sendspace=82320
> net.inet.udp.maxdgram=82320
> net.inet.udp.recvspace=82320
> net.inet.raw.maxdgram=82320
> net.inet.raw.recvspace=82320
> net.local.dgram.maxdgram=82320
> net.local.dgram.recvspace=82320
> net.local.stream.sendspace=82320
> net.local.stream.recvspace=82320
> net.inet.tcp.local_slowstart_flightsize=10
> net.inet.tcp.nolocaltimewait=1
>
> vfs.read_max=32
>
>
>
>
> So, I was wondering, is something wrong in there?
> Or should I keep looking somewhere else?
> Where?
>
>
>
> Thanks for your help,
>