From owner-freebsd-bugs@FreeBSD.ORG Thu Nov 17 08:20:30 2005 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 37CF116A420 for ; Thu, 17 Nov 2005 08:20:30 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5B1A543D4C for ; Thu, 17 Nov 2005 08:20:29 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id jAH8KTEA051212 for ; Thu, 17 Nov 2005 08:20:29 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id jAH8KTau051211; Thu, 17 Nov 2005 08:20:29 GMT (envelope-from gnats) Date: Thu, 17 Nov 2005 08:20:29 GMT Message-Id: <200511170820.jAH8KTau051211@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: Gleb Smirnoff Cc: Subject: Re: kern/89070 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Gleb Smirnoff List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Nov 2005 08:20:30 -0000 The following reply was made to PR kern/89070; it has been noted by GNATS. From: Gleb Smirnoff To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/89070 Date: Thu, 17 Nov 2005 11:13:52 +0300 ----- Forwarded message from Danil Vishnevsky ----- ALTQ, vlan is used. pf using only for load ALTQ rules gre, bridge, polling for future use. em0: flags=8843 mtu 1500 options=b vlan0: flags=8843 mtu 1500 media: Ethernet autoselect (1000baseTX ) status: active vlan: 100 parent interface: em0 vlan1: flags=8843 mtu 1500 media: Ethernet autoselect (1000baseTX ) status: active vlan: 132 parent interface: em0 ------------------------------------------------------------------------------------------- # netstat -in Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll em0 1500 00:0e:0c:33:c1:08 49390232 4 50119208 0 0 em1 1500 00:0e:0c:33:bc:5e 1736711 0 1055263 0 0 sk0 1500 00:0d:61:6e:dc:10 14585737 0 12533195 0 0 pflog 33208 0 0 0 0 0 lo0 16384 6819 0 6819 0 0 vlan0 1500 00:0e:0c:33:c1:08 597713 0 410846 0 0 vlan1 1500 00:0e:0c:33:c1:08 29726009 0 26692541 255933 0 ----------------------------------------------------------------------------------------- # ngctl list Name: vlan1 Type: ether ID: 00000006 Num hooks: 0 Name: vlan0 Type: ether ID: 00000005 Num hooks: 0 Name: ipfw Type: ipfw ID: 00000004 Num hooks: 0 Name: sk0 Type: ether ID: 00000003 Num hooks: 0 Name: em1 Type: ether ID: 00000002 Num hooks: 0 Name: em0 Type: ether ID: 00000001 Num hooks: 0 --------------------------------------------------------------------------------------------- pf.conf : altq on em0 bandwidth 100% tbrsize 150 hfsc queue { internal_net, g_alltraff, c_alltraff } queue internal_net bandwidth 80% hfsc(default) queue g_alltraff bandwidth 4Mb qlimit 20 hfsc(realtime 4Mb linkshare 0% upperlimit 4Mb)\ {g_mail, g_news, g_www, g_dns, g_internal, g_vpn, g_ssh } queue g_mail bandwidth 6% qlimit 20 hfsc(realtime 6% linkshare 10% upperlimit 80%) queue g_news bandwidth 9% qlimit 20 hfsc(red realtime 9% linkshare 9% upperlimit 30%) queue g_www bandwidth 16% qlimit 20 hfsc(red realtime 16% linkshare 2% upperlimit 80%) queue g_dns bandwidth 10% qlimit 20 priority 6 hfsc(realtime 10% linkshare 10% upperlimit 40%) queue g_internal bandwidth 15% qlimit 20 hfsc(red realtime 15% linkshare 2% upperlimit 80%) queue g_ssh bandwidth 10% qlimit 20 priority 7 hfsc(realtime 10% linkshare 20% upperlimit 40%) queue g_vpn bandwidth 30% qlimit 20 priority 5 hfsc(realtime 30% linkshare 30% upperlimit 100%) queue c_alltraff bandwidth 700Kb qlimit 20 hfsc(realtime 700Kb linkshare 0% upperlimit 700Kb)\ {c_mail, c_news, c_www, c_dns, c_internal, c_vpn, c_ssh } queue c_mail bandwidth 6% qlimit 20 hfsc(realtime 6% linkshare 10% upperlimit 80%) queue c_news bandwidth 10% qlimit 20 hfsc(red realtime 10% linkshare 10% upperlimit 30%) queue c_www bandwidth 15% qlimit 20 hfsc(red realtime 15% linkshare 2% upperlimit 80%) queue c_dns bandwidth 10% qlimit 20 priority 6 hfsc(realtime 10% linkshare 10% upperlimit 40%) queue c_internal bandwidth 15% qlimit 20 hfsc(red realtime 15% linkshare 2% upperlimit 80%) queue c_ssh bandwidth 10% qlimit 20 priority 7 hfsc(realtime 10% linkshare 20% upperlimit 40%) queue c_vpn bandwidth 30% qlimit 20 priority 5 hfsc(realtime 30% linkshare 30% upperlimit 100%) pass in all pass out all -------------------------------------------------------------------------------------------------------------- # pfctl -sa FILTER RULES: pass in all pass out all ALTQ: queue root_em0 bandwidth 1Gb priority 0 {internal_net, g_alltraff, c_alltraff} queue internal_net bandwidth 800Mb hfsc( default ) queue g_alltraff bandwidth 4Mb qlimit 20 hfsc( realtime 4Mb upperlimit 4Mb ) {g_mail, g_news, g_www, g_dns, g_internal, g_ssh, g_vpn} queue g_mail bandwidth 240Kb qlimit 20 hfsc( realtime 240Kb linkshare 400Kb upperlimit 3.20Mb ) queue g_news bandwidth 360Kb qlimit 20 hfsc( red realtime 360Kb upperlimit 1.20Mb ) queue g_www bandwidth 640Kb qlimit 20 hfsc( red realtime 640Kb linkshare 80Kb upperlimit 3.20Mb ) queue g_dns bandwidth 400Kb priority 6 qlimit 20 hfsc( realtime 400Kb upperlimit 1.60Mb ) queue g_internal bandwidth 600Kb qlimit 20 hfsc( red realtime 600Kb linkshare 80Kb upperlimit 3.20Mb ) queue g_ssh bandwidth 400Kb priority 7 qlimit 20 hfsc( realtime 400Kb linkshare 800Kb upperlimit 1.60Mb ) queue g_vpn bandwidth 1.20Mb priority 5 qlimit 20 hfsc( realtime 1.20Mb upperlimit 4Mb ) queue c_alltraff bandwidth 700Kb qlimit 20 hfsc( realtime 700Kb upperlimit 700Kb ) {c_mail, c_news, c_www, c_dns, c_internal, c_ssh, c_vpn} queue c_mail bandwidth 42Kb qlimit 20 hfsc( realtime 42Kb linkshare 70Kb upperlimit 560Kb ) queue c_news bandwidth 70Kb qlimit 20 hfsc( red realtime 70Kb upperlimit 210Kb ) queue c_www bandwidth 105Kb qlimit 20 hfsc( red realtime 105Kb linkshare 14Kb upperlimit 560Kb ) queue c_dns bandwidth 70Kb priority 6 qlimit 20 hfsc( realtime 70Kb upperlimit 280Kb ) queue c_internal bandwidth 105Kb qlimit 20 hfsc( red realtime 105Kb linkshare 14Kb upperlimit 560Kb ) queue c_ssh bandwidth 70Kb priority 7 qlimit 20 hfsc( realtime 70Kb linkshare 140Kb upperlimit 280Kb ) queue c_vpn bandwidth 210Kb priority 5 qlimit 20 hfsc( realtime 210Kb upperlimit 700Kb ) INFO: Status: Enabled for 3 days 03:55:48 Debug: Urgent Hostid: 0x8a1da828 State Table Total Rate current entries 0 searches 135137892 494.4/s inserts 0 0.0/s removals 0 0.0/s Counters match 135137927 494.4/s bad-offset 0 0.0/s fragment 35 0.0/s short 0 0.0/s normalize 0 0.0/s memory 0 0.0/s bad-timestamp 0 0.0/s congestion 0 0.0/s ip-option 3 0.0/s proto-cksum 0 0.0/s state-mismatch 0 0.0/s state-insert 0 0.0/s state-limit 0 0.0/s src-limit 0 0.0/s synproxy 0 0.0/s TIMEOUTS: tcp.first 120s tcp.opening 30s tcp.established 86400s tcp.closing 900s tcp.finwait 45s tcp.closed 90s tcp.tsdiff 30s udp.first 60s udp.single 30s udp.multiple 60s icmp.first 20s icmp.error 10s other.first 60s other.single 30s other.multiple 60s frag 30s interval 10s adaptive.start 0 states adaptive.end 0 states src.track 0s LIMITS: states hard limit 10000 src-nodes hard limit 10000 frags hard limit 5000 OS FINGERPRINTS: 345 fingerprints loaded ------------------------------------------------------------------- In ipfw on all interfaces using ngtee X ip from any to any in via ifaceX I can't run system with INVARIANTS because it is production server. ----- End forwarded message ----- -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE