Message-ID: <1071564482.3fdec6c2ac5fb@isp.polynet.lviv.ua>
Date: Tue, 16 Dec 2003 10:48:02 +0200
From: Andriy Korud
To: freebsd-net@freebsd.org
Subject: Large scale NAT problems
List-Id: Networking and TCP/IP with FreeBSD

Hi,

I'm trying to make NAT on a FreeBSD box for 2500 clients on a 35Mbit uplink. The box is a Xeon 2.8GHz, 1G RAM, 2xIntel PRO/1000 (em) adapters. FreeBSD 4.9-STABLE, kernel is configured for single processor (HT not used), with DEVICE_POLLING and HZ=2000, LARGE_NAT defined. NAT was done using ipnat, no additional filtering.

The problem is that when traffic grows to 10Mbit and the number of active NAT sessions reaches 70000, CPU usage grows exponentially and the system spends all CPU time in interrupt handling. The system becomes completely unresponsive and unusable, and only a hard reset is the solution.

And the worse thing is that Linux on a Cel/800 with SOHO cards does that NATing with 5% CPU load without any problem :-(.

Maybe I should try natd? May this help? Any suggestions?

Thanks in advance,
Andriy Korud