From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 18 01:44:14 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3000E106566B for ; Wed, 18 Mar 2009 01:44:14 +0000 (UTC) (envelope-from qwe@qwe.net.ua) Received: from mail.qwe.net.ua (qwe.net.ua [80.245.118.211]) by mx1.freebsd.org (Postfix) with ESMTP id D55798FC1B for ; Wed, 18 Mar 2009 01:44:13 +0000 (UTC) (envelope-from qwe@qwe.net.ua) Received: from localhost (localhost.qwe.net.ua [127.0.0.1]) by mail.qwe.net.ua (Postfix) with ESMTP id 5B7FAF06F for ; Wed, 18 Mar 2009 03:21:35 +0200 (EET) Received: from mail.qwe.net.ua ([127.0.0.1]) by localhost (qwe.net.ua [127.0.0.1]) (amavisd-new, port 10024) with LMTP id D9c9QlSMW2cB for ; Wed, 18 Mar 2009 03:21:32 +0200 (EET) Received: from [10.2.1.1] (unknown [10.2.1.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.qwe.net.ua (Postfix) with ESMTP id 27553C304 for ; Wed, 18 Mar 2009 03:21:32 +0200 (EET) Message-ID: <49C04CA3.1070100@qwe.net.ua> Date: Wed, 18 Mar 2009 03:21:39 +0200 From: Eugene L Kovalenja User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: FreeBSD 7.0: dummynet 99% cpu X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2009 01:44:14 -0000 Hello. My OS: FreeBSD *** 7.0-RELEASE FreeBSD 7.0-RELEASE #6: Sun Nov 23 14:32:31 EET 2008 root@***:/usr/src/sys/i386/compile/QWEKRN70 i386 Machine: HP Proliant DL560 (Xeon 2.5GHzX8, 4Gb RAM) /etc/sysctl.conf kern.polling.enable=0 net.inet.tcp.sendspace=1048576 net.inet.tcp.recvspace=1048576 net.inet.icmp.icmplim=100 net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1 net.inet.tcp.msl=15000 net.inet.ip.fastforwarding=1 net.inet.ip.maxfragsperpacket=45 net.inet.tcp.log_in_vain=0 kern.ipc.maxsockets=204800 kern.ipc.maxsockbuf=16777216 kern.polling.each_burst=150 kern.polling.burst_max=1000 net.inet.tcp.syncookies=1 kern.ipc.nmbclusters=262144 net.inet.tcp.sendbuf_max=16777216 net.inet.tcp.recvbuf_max=16777216 security.bsd.see_other_uids=0 security.bsd.see_other_gids=0 security.bsd.unprivileged_read_msgbuf=0 net.inet.ip.random_id=1 kern.logsigexit=0 kern.ipc.somaxconn=24096 net.inet.ip.intr_queue_maxlen=1024 net.inet.tcp.mssdflt=1460 net.inet.tcp.slowstart_flightsize=54 net.inet.ip.fw.one_pass=0 net.inet.icmp.drop_redirect=1 net.inet.icmp.log_redirect=1 kern.maxfilesperproc=104856 kern.maxfiles=65535 net.inet.tcp.rfc1323=1 net.inet.ip.dummynet.hash_size=512 net.graph.maxdgram=128000 net.graph.recvspace=128000 net.inet.ip.intr_queue_maxlen=10240 I'm use this machine as VPN-server for access my clients into Internet. VPN-server: mpd4.3 Shaper: dummynet (pipes) Example of shaper rules: 01111 0 0 pipe 1231 ip from table(123) to any via ng* 01111 0 0 pipe 1232 ip from any to table(123) via ng* Pipes: ipfw pipe 1231 config bw XXXXKbit/s mask src-ip 0xffffffff ipfw pipe 1232 config bw XXXXKbit/s mask dst-ip 0xffffffff Time in three days traffic via ipfw doesn't go. In top: 21 root 1 -44 - 0K 8K WAIT 7 2:15 99.02% dummynet (this is example, not copy\paste) Also sw1: net increases from 5-10% to 30-35%... I am helped only by reboot. In what can consist the problem? Thanks.