Date: Thu, 5 Jul 2007 11:15:55 +0100 From: "Greg Hennessy" <Greg.Hennessy@nviz.net> To: "'Pat Maddox'" <pergesu@gmail.com>, <freebsd-pf@freebsd.org> Subject: RE: Losing connections/performance with PF turned on Message-ID: <000301c7beed$79583920$6c08ab60$@Hennessy@nviz.net> In-Reply-To: <810a540e0707050222s55a62641je0138e931832e86@mail.gmail.com> References: <810a540e0707050222s55a62641je0138e931832e86@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > We're doing some stress testing on our server, CPU ? Memory ? > and noticed that when > we turn PF on, we lose connections and have a drastic reduction in > performance. > > We used SIEGE for 120 seconds, 50 connections, on req/conn > [snip] > # --- DEFAULT POLICY > block log all > What drops are you seeing in the firewall logs for the missing connections ? Are you monitoring the number of entries in the state table with pfctl -si ? The default is iirc 10k, a benchmarking tool can easily chew through this. Greg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000301c7beed$79583920$6c08ab60$>