Date: Tue, 8 Mar 2005 01:52:05 +0100 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Subject: Re: nat / rdr timeouts? Message-ID: <200503080152.11837.max@love2party.net> In-Reply-To: <BAY24-F208A7E1EA7876ABE868203CC500@phx.gbl> References: <BAY24-F208A7E1EA7876ABE868203CC500@phx.gbl>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On Tuesday 08 March 2005 01:28, Stephane Raimbault wrote:
> Okay, I setup an OpenBSD 3.6 box with pf today as a test and I can not
> replicate the problem with OpenBSD.
>
> In fact, running the ab test returned MUCH beter results in terms of times
> to return the page and according to top the cpu barely budged when running
> the test on the openbsd pf box. However running top on the freebsd pf box
> I clearly see a spike in cpu traffic as the cpu idle drops to 0% for a
> second.
>
>
> I'm currently running RELENG_5 on the freebsd box from this weekend... are
> there some debugging stuff turned on in the kernel that would explain the
> performance diffrence?
>
> I tried to replicate the test as closely as possible however there are some
> subtle diffrences in my test.
>
> OpenBSD test
>
> PowerBook laptop (running ab) to an IP on the local network (openbsd ext
> interface (vlan0)) thru to the same openbsd box int interface (vlan1) to
> the web servers (10.0.11.16 and 10.0.11.17).
>
> FreeBSD Test
>
> IBM server running freebsd (ab) to an IP on it's local network (freebsd ext
> interface (em0) thru to the same freebsd box int interface (em1) to the web
> severs (10.0.11.16 and 10.0.11.17).
>
> network wise it should be pretty much the same. The only thing that came
> to mind, maybe it's because the powerbook is a better box then the IBM
> server running freebsd ? but then seeing the CPU idle time and comparing
> the Freebsd +pf and the OpenBSD +pf being so diffrent... I ponder my
> question.
>
>
> Hope this makes sense. Let me know if there is any other data I can
> provide ?
I don't fully understand how your setup looks like. Where are you running ab
from? Is there a dedicated box you run it on or are you running it on/from
the redirecting box itself? Could you get the following setup realized:
/----- OpenBSD ----\ WWW_1
| | / WWW_2
ab Client ---+ +-----+- ...
| | \ WWW_N
\----- FreeBSD ----/
It does not matter (too much) how the gateways are connected to the client and
the servers, what matters is that the client and the servers are the same for
both tests. I suspect that (if you were running ab from the FreeBSD server)
you discovered a bug in FreeBSD's socket/tcp code much rather than in pf.
Please let me know if I misunderstood something and explain your test setup
with a bit more detail.
Thanks a lot in advance.
<snipp - it is linewarpping as hell, anyway>
--
/"\ Best regards, | mlaier@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
iD8DBQBCLPc7XyyEoT62BG0RAsrSAJ41D1dxIiOsQwMEo2pbK99IcG5hswCfWmeZ
NTiCF0pUiiz7fzdbTcl9yVI=
=eY3L
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503080152.11837.max>