Date: Tue, 28 Jun 2005 11:55:16 -0500 From: "Grooms, Matthew" <MGrooms@seton.org> To: "Scott Ullrich" <sullrich@gmail.com> Cc: IS-Network <Netadmin@seton.org>, rwatson@freebsd.org, freebsd-pf@freebsd.org Subject: RE: pf performance issues ... Message-ID: <28FCC7CB4CF6EA43AF83BCA2096E97D013E575@AUSEX2VS1.seton.org>
next in thread | raw e-mail | index | archive | help
I am running a native 64 bit kernel. I thought it might be somthing =
like that but couldn't find anythign in the documentation that said it =
defaulted to 10000 entries. I just figured out how to view the limit in =
pfctl. I will increase it and see if that makes the issue go away.
=20
Thanks very much for the suggestion,
=20
-Matthew
=20
________________________________
From: Scott Ullrich [mailto:sullrich@gmail.com]
Sent: Tue 6/28/2005 11:29 AM
To: Grooms, Matthew
Cc: freebsd-pf@freebsd.org; rwatson@freebsd.org; IS-Network
Subject: Re: pf performance issues ...
On 6/28/05, Grooms, Matthew <MGrooms@seton.org> wrote:
[snip]
> This is a dual 3GHz amd64 box ( UP kernel at the moment ), with 4 =
gigs of ram and 6x em interfaces. It is mostly a stock kernel with =
pf,pfsync,carp and altq ( but no altq rules ) support compiled in and =
ipv6 disabled ( config attached ).
Is this running natively as 64 bit or i386 32bit?
> Am I running into a limit on some kernel tunable? After a few =
minutes of routing traffic to pf setup, the state table had approx 10000 =
entries in it. Are there some global pf limits to tweak or should it =
scale well out of the box? The internet connection is only 7Mbit so I am =
at a loss. Is there a cache or buffer limit somewhere I should watch? =
Any ideas?
I believe the default state limit size is 10,000. Could you be
hitting this number and then noticing the slowdown because your out of
state entries?
Scott
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?28FCC7CB4CF6EA43AF83BCA2096E97D013E575>