From: Luigi Rizzo
To: Julian Elischer
Cc: freebsd-net@freebsd.org, Andriy Korud
Date: Tue, 16 Dec 2003 06:23:36 -0800
Subject: Re: Large scale NAT problems
Message-ID: <20031216062336.A81791@xorpc.icir.org>
References: <1071564482.3fdec6c2ac5fb@isp.polynet.lviv.ua>
List-Id: Networking and TCP/IP with FreeBSD

On Tue, Dec 16, 2003 at 04:39:42AM -0800, Julian Elischer wrote:
> did you try natd?
> (for comparison)

i guess ipnat is in kernel, whereas natd is in userland,
and furthermore natd's session handling is just not up to
the job (small hash tables, huge session expire times...)

cheers
luigi

> On Tue, 16 Dec 2003, Andriy Korud wrote:
>
> > Hi,
> > I'm trying to make NAT on FreeBSD box for 2500 clients on 35Mbit uplink.
> > Box is Xeon 2.8GHz, 1G RAM, 2xIntel PRO/1000 (em) adapters.
> > FreeBSD 4.9-STABLE, kernel is configured for single processor (HT not used),
> > with DEVICE_POLLING and HZ=2000, LARGE_NAT defined.
> > Nat was done using ipnat, no additional filtering.
> >
> > The problem is that when traffic grows to 10Mbit and number of active NAT
> > sessions reaches 70000, CPU usage exponentially grows and system spends all CPU
> > time in interrupts handling.
> > The system becomes completely unresponsive and unusable and only hard reset is the
> > solution.
> >
> > And worse thing is that Linux on Cel/800 with SOHO cards does that NATing with 5%
> > CPU load without any problem :-(.
> >
> > Maybe I should try natd? May this help?
> > Any suggestions?
> >
> > thanks in advance,
> >
> > Andriy Korud
> >
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"