Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 23 Apr 2005 22:17:54 -0400
From:      Christopher McGee <chris@xecu.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: pf and altq bandwidth problem.
Message-ID:  <426B01D2.2060806@xecu.net>
In-Reply-To: <426AFDCD.7000701@xecu.net>
References:  <426AFDCD.7000701@xecu.net>

next in thread | previous in thread | raw e-mail | index | archive | help
Christopher McGee wrote:

> I apologize if this is the wrong list for this, but if it is, please 
> let me know.  Basically when queue1 on my firewall starts pushing the 
> full amount of bandwidth, things that use the dflt queue become 
> unreachable or VERY slow.  The dflt queue NEVER uses it's full amount 
> of bandwidth, generally around 3mbit/s on average.  I'm starting to 
> think this is just an inherent problem in FreeBSD 5.3.  Maybe I just 
> need to upgrade to 5.4 when it is released, but I don't think there 
> were many pf updates in that release.  I'm reluctant to post too much 
> information about the firewall and it's configuration since it is a 
> production firewall.  But the problem seems to be with the queues.  
> Here's what I think is the relevant information, let me know if more 
> information is needed:
>
> firewall# pfctl -s queue
> queue root_fxp0 bandwidth 25Mb priority 0 cbq( wrr root ) {dflt, queue1}
> queue  dflt bandwidth 8Mb priority 4 qlimit 150 cbq( borrow default )
> queue  queue1 bandwidth 17Mb qlimit 3500
>
> firewall# pfctl -vvsq
> queue root_fxp0 bandwidth 25Mb priority 0 cbq( wrr root ) {dflt, queue1}
>  [ pkts:   93469435  bytes: 57111963278  dropped pkts:      0 
> bytes:      0 ]
>  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
> queue  dflt bandwidth 8Mb priority 4 qlimit 150 cbq( borrow default )
>  [ pkts:   47160837  bytes: 20420146684  dropped pkts:    294 bytes: 
> 105068 ]
>  [ qlength:   0/150  borrows: 2667554  suspends:    237 ]
> queue  queue1 bandwidth 12Mb qlimit 3500
>  [ pkts:   46308598  bytes: 36691816594  dropped pkts: 5236343 bytes: 
> 4887084090 ]
>  [ qlength:   0/3500  borrows:      0  suspends: 13971654 ]
>
> queue root_fxp0 bandwidth 25Mb priority 0 cbq( wrr root ) {dflt, queue1}
>  [ pkts:   93472817  bytes: 57113671748  dropped pkts:      0 
> bytes:      0 ]
>  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
>  [ measured:   676.4 packets/s, 2.73Mb/s ]
> queue  dflt bandwidth 8Mb priority 4 qlimit 150 cbq( borrow default )
>  [ pkts:   47163588  bytes: 20421636153  dropped pkts:    294 bytes: 
> 105068 ]
>  [ qlength:   0/150  borrows: 2667640  suspends:    237 ]
>  [ measured:   550.2 packets/s, 2.38Mb/s ]
> queue  queue1 bandwidth 12Mb qlimit 3500
>  [ pkts:   46309229  bytes: 36692035595  dropped pkts: 5236343 bytes: 
> 4887084090 ]
>  [ qlength:   0/3500  borrows:      0  suspends: 13971654 ]
>  [ measured:   126.2 packets/s, 350.40Kb/s ]
>
> queue root_fxp0 bandwidth 25Mb priority 0 cbq( wrr root ) {dflt, queue1}
>  [ pkts:   93475932  bytes: 57115159111  dropped pkts:      0 
> bytes:      0 ]
>  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
>  [ measured:   649.7 packets/s, 2.56Mb/s ]
> queue  dflt bandwidth 8Mb priority 4 qlimit 150 cbq( borrow default )
>  [ pkts:   47166144  bytes: 20422995656  dropped pkts:    294 bytes: 
> 105068 ]
>  [ qlength:   0/150  borrows: 2667788  suspends:    237 ]
>  [ measured:   530.7 packets/s, 2.28Mb/s ]
> queue  queue1 bandwidth 12Mb qlimit 3500
>  [ pkts:   46309788  bytes: 36692163455  dropped pkts: 5236343 bytes: 
> 4887084090 ]
>  [ qlength:   0/3500  borrows:      0  suspends: 13971657 ]
>  [ measured:   119.0 packets/s, 277.49Kb/s ]
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "freebsd-questions-unsubscribe@freebsd.org"

Let me add a little more information I thought might be useful.  This 
firewall has intel pro 100+ cards, actually 6 of them.  Only 2 are in 
use, the others are there for some future projects.  The public 
interface has 1 public IP from a /29.  The private interface has 2 IP 
addresses that correspond with the 2 internal class C's we have(both 
publicly routable).  I have tried choking queue1 to 12Mb at some point 
and it seemed to alleviate some of the problems, although some internal 
servers still respond VERY slowly when it peaks.

Thanks,
Chris



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?426B01D2.2060806>