Date:      Tue, 16 Dec 2003 13:56:27 +0100
From:      Max Laier <max@love2party.net>
To:        Andriy Korud <akorud@polynet.lviv.ua>, Attila Nagy <bra@fsn.hu>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Large scale NAT problems
Message-ID:  <200312161356.27022.max@love2party.net>
In-Reply-To: <1071567611.3fded2fb8d601@isp.polynet.lviv.ua>
References:  <1071564482.3fdec6c2ac5fb@isp.polynet.lviv.ua> <3FDED125.4000304@fsn.hu> <1071567611.3fded2fb8d601@isp.polynet.lviv.ua>

On Tuesday 16 December 2003 10:40, Andriy Korud wrote:
> Quoting Attila Nagy <bra@fsn.hu>:
> > Andriy Korud wrote:
> > > The problem is that when traffic grows to 10Mbit and number of active
> > > NAT sessions reaches 70000, CPU usage exponentially grows and system
> > > spends all CPU time in interrupt handling.
> > > The system becomes completely unresponsive and unusable and only hard
> > > reset is the solution.
> >
> > Did you try OpenBSD's pf?
>
> Is it ported to 4.9-STABLE?
> How can I configure and try it?
>
> Andriy

It's in the KAME snapkits, AFAIK.

A port for DragonFlyBSD is on my site:
 (1) http://pf4freebsd.love2party.net/pfil.diff.gz
 (2) http://pf4freebsd.love2party.net/pf_df_test.tar.gz

Apply (1) to the tree, build GENERIC kernel with at least:

  options PFIL_HOOKS
  options bpf
  options RANDOM_IP_ID    #this is a great default, btw

install includes (or copy sys/net/pfil.h to /usr/net/pfil.h).
Extract (2) and issue:
  make && make install

now you should be able to:

  kldload pfsync
  kldload pflog
  kldload pf
  mknod pf c 73 0 root:wheel

and have fun with pfctl and friends.

This _might_ run on 4.x as well, but I think you'll have to work around a few
minors to get it working in 4.9.

-- 
Best regards,				| max@love2party.net
Max Laier				| ICQ #67774661
http://pf4freebsd.love2party.net/	| mlaier@EFnet #DragonFlyBSD


