From owner-freebsd-pf@FreeBSD.ORG  Thu Jan 19 15:58:32 2012
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 92F9D1065672
	for <freebsd-pf@freebsd.org>; Thu, 19 Jan 2012 15:58:32 +0000 (UTC)
	(envelope-from wooh@wooh.hu)
Received: from mail.bsdsupportservice.hu (mail.bsdsupportservice.hu
	[194.38.104.120])
	by mx1.freebsd.org (Postfix) with ESMTP id 488118FC18
	for <freebsd-pf@freebsd.org>; Thu, 19 Jan 2012 15:58:32 +0000 (UTC)
Received: from kazoku (localhost [127.0.0.1])
	by mail.bsdsupportservice.hu (Postfix) with ESMTP id 2633073381
	for <freebsd-pf@freebsd.org>; Thu, 19 Jan 2012 16:38:25 +0100 (CET)
X-Virus-Scanned: amavisd-new at bsdsupportservice.hu
Received: from mail.bsdsupportservice.hu ([127.0.0.1])
	by kazoku (mail.bsdsupportservice.hu [127.0.0.1]) (amavisd-new,
	port 10024) with ESMTP id ZRBzHYh9sUBN for <freebsd-pf@freebsd.org>;
	Thu, 19 Jan 2012 16:38:17 +0100 (CET)
Received: from helium-2.local (catv-89-135-87-165.catv.broadband.hu
	[89.135.87.165])
	by mail.bsdsupportservice.hu (Postfix) with ESMTPA id 15ECF731AB
	for <freebsd-pf@freebsd.org>; Thu, 19 Jan 2012 16:38:17 +0100 (CET)
Message-ID: <4F183944.30101@wooh.hu>
Date: Thu, 19 Jan 2012 16:39:48 +0100
From: Adam PAPAI <wooh@wooh.hu>
User-Agent: Postbox 3.0.2 (Macintosh/20111203)
MIME-Version: 1.0
To: freebsd-pf@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Maximum throughput ? limit?
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jan 2012 15:58:32 -0000

Dear List,

I feel my freebsd box is reaching his limits.

I'm doing load-balance with a pf (round-robin + NAT) in front of 3 web 
and 3 database servers. Everything works fine with 100-120MBit/s, but if 
it reaches over 150MBit/s to 200MBit/s or even 300MBit/s, the 
connections are stucked, nobody can connect to the server.

I checked it via "nload". And every time it goes over 150MBit/s it stars 
to drop some connections.

I have 40,000 connections at the same time.

Could it be because the pf? I mean it reaches some maximum throughput?

When i'm running the iperf from inside the NAT, it does only 
300-400MBit/s, but if I'm running it from the firewall itself, it does 
600-700 (it depends on the traffic). The servers are connected to each 
other via GBit.

Thanks in advance,


-- 
Adam PAPAI
E-mail: wooh@wooh.hu