Date: Thu, 15 Feb 2007 13:29:53 -0800 From: Justin Robertson <justin@sk1llz.net> To: freebsd-performance@freebsd.org Subject: Re: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues Message-ID: <45D4D0D1.5020902@sk1llz.net> In-Reply-To: <200702151211.45177.fcash@ocis.net> References: <20070207120426.CDEFC16A407@hub.freebsd.org> <45D19104.5010902@sk1llz.net> <45D4B7F0.20901@sk1llz.net> <200702151211.45177.fcash@ocis.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Send a flood of 60 byte syn packets with the tcp sack option thru it
and check out what happens. It's pretty weird and I can't explain why.
If you block the packets on the box via ipfw it's fine, the second it
has to make a routing decision everything goes out the window, it seems.
There's 100% packet loss on all protocols. I'm not using NAT, there are
real IPs in different C classes on the other side of the box.
Freddie Cash wrote:
> On Thursday 15 February 2007 11:43 am, Justin Robertson wrote:
>
>> Playing with these sysctl values made 0 difference - what's supposed
>> to happen???
>>
>> Another scary discovery - if you've got 6.2 setup to route, even with
>> static routes, 1Mbps of TCP SYN traffic will cause it to start dropping
>> packets in every direction. Awesome. Methinks I'll be using 4.11 for a
>> while. ;P
>>
>
> How are you measuring that?
>
> We have a dual-Opteron 2 GHz box with 4 GB RAM that handles routing for 7
> fibre-connected sites (1 Gbps fibre links but limited by the firewalls at
> the sites to 100 Mbps) and connects to the Internet via a 1 Gbps link.
>
> All the routing on this box is handled via static routes, and we get a
> sustained 10 Mbps of traffic through the box. Nobody's complained about
> their access (which isn't surprising since we upgraded their Internet
> connections from a 2 Mbps shared cable connection to a dedicated 1 Gbps
> fibre link).
>
> FreeBSD 6.1-p11, about 100 ipfw rules, doing NAT for 4 servers, using 2x
> bge(4) devices and 1x fxp(4) device.
>
>
--
Justin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45D4D0D1.5020902>