kern/89070
Gleb Smirnoff
glebius at FreeBSD.org
Thu Nov 17 08:20:30 GMT 2005
The following reply was made to PR kern/89070; it has been noted by GNATS.
From: Gleb Smirnoff <glebius at FreeBSD.org>
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: kern/89070
Date: Thu, 17 Nov 2005 11:13:52 +0300
----- Forwarded message from Danil Vishnevsky <danil at health.kiev.ua> -----
ALTQ and vlan are used.
pf is used only for loading ALTQ rules.
gre, bridge and polling are for future use.
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=b<RXCSUM,TXCSUM,VLAN_MTU>
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 100 parent interface: em0
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 132 parent interface: em0
-------------------------------------------------------------------------------------------
# netstat -in
Name    Mtu Network  Address              Ipkts Ierrs    Opkts  Oerrs  Coll
em0    1500 <Link#1> 00:0e:0c:33:c1:08 49390232     4 50119208      0     0
em1    1500 <Link#2> 00:0e:0c:33:bc:5e  1736711     0  1055263      0     0
sk0    1500 <Link#3> 00:0d:61:6e:dc:10 14585737     0 12533195      0     0
pflog 33208 <Link#4>                          0     0        0      0     0
lo0   16384 <Link#5>                       6819     0     6819      0     0
vlan0  1500 <Link#6> 00:0e:0c:33:c1:08   597713     0   410846      0     0
vlan1  1500 <Link#7> 00:0e:0c:33:c1:08 29726009     0 26692541 255933     0
-----------------------------------------------------------------------------------------
# ngctl list
Name: vlan1 Type: ether ID: 00000006 Num hooks: 0
Name: vlan0 Type: ether ID: 00000005 Num hooks: 0
Name: ipfw Type: ipfw ID: 00000004 Num hooks: 0
Name: sk0 Type: ether ID: 00000003 Num hooks: 0
Name: em1 Type: ether ID: 00000002 Num hooks: 0
Name: em0 Type: ether ID: 00000001 Num hooks: 0
---------------------------------------------------------------------------------------------
pf.conf :
altq on em0 bandwidth 100% tbrsize 150 hfsc queue { internal_net, g_alltraff, c_alltraff }
queue internal_net bandwidth 80% hfsc(default)
queue g_alltraff bandwidth 4Mb qlimit 20 hfsc(realtime 4Mb linkshare 0% upperlimit 4Mb)\
{g_mail, g_news, g_www, g_dns, g_internal, g_vpn, g_ssh }
queue g_mail bandwidth 6% qlimit 20 hfsc(realtime 6% linkshare 10% upperlimit 80%)
queue g_news bandwidth 9% qlimit 20 hfsc(red realtime 9% linkshare 9% upperlimit 30%)
queue g_www bandwidth 16% qlimit 20 hfsc(red realtime 16% linkshare 2% upperlimit 80%)
queue g_dns bandwidth 10% qlimit 20 priority 6 hfsc(realtime 10% linkshare 10% upperlimit 40%)
queue g_internal bandwidth 15% qlimit 20 hfsc(red realtime 15% linkshare 2% upperlimit 80%)
queue g_ssh bandwidth 10% qlimit 20 priority 7 hfsc(realtime 10% linkshare 20% upperlimit 40%)
queue g_vpn bandwidth 30% qlimit 20 priority 5 hfsc(realtime 30% linkshare 30% upperlimit 100%)
queue c_alltraff bandwidth 700Kb qlimit 20 hfsc(realtime 700Kb linkshare 0% upperlimit 700Kb)\
{c_mail, c_news, c_www, c_dns, c_internal, c_vpn, c_ssh }
queue c_mail bandwidth 6% qlimit 20 hfsc(realtime 6% linkshare 10% upperlimit 80%)
queue c_news bandwidth 10% qlimit 20 hfsc(red realtime 10% linkshare 10% upperlimit 30%)
queue c_www bandwidth 15% qlimit 20 hfsc(red realtime 15% linkshare 2% upperlimit 80%)
queue c_dns bandwidth 10% qlimit 20 priority 6 hfsc(realtime 10% linkshare 10% upperlimit 40%)
queue c_internal bandwidth 15% qlimit 20 hfsc(red realtime 15% linkshare 2% upperlimit 80%)
queue c_ssh bandwidth 10% qlimit 20 priority 7 hfsc(realtime 10% linkshare 20% upperlimit 40%)
queue c_vpn bandwidth 30% qlimit 20 priority 5 hfsc(realtime 30% linkshare 30% upperlimit 100%)
pass in all
pass out all
--------------------------------------------------------------------------------------------------------------
# pfctl -sa
FILTER RULES:
pass in all
pass out all
ALTQ:
queue root_em0 bandwidth 1Gb priority 0 {internal_net, g_alltraff, c_alltraff}
queue internal_net bandwidth 800Mb hfsc( default )
queue g_alltraff bandwidth 4Mb qlimit 20 hfsc( realtime 4Mb upperlimit 4Mb ) {g_mail, g_news, g_www, g_dns, g_internal, g_ssh, g_vpn}
queue g_mail bandwidth 240Kb qlimit 20 hfsc( realtime 240Kb linkshare 400Kb upperlimit 3.20Mb )
queue g_news bandwidth 360Kb qlimit 20 hfsc( red realtime 360Kb upperlimit 1.20Mb )
queue g_www bandwidth 640Kb qlimit 20 hfsc( red realtime 640Kb linkshare 80Kb upperlimit 3.20Mb )
queue g_dns bandwidth 400Kb priority 6 qlimit 20 hfsc( realtime 400Kb upperlimit 1.60Mb )
queue g_internal bandwidth 600Kb qlimit 20 hfsc( red realtime 600Kb linkshare 80Kb upperlimit 3.20Mb )
queue g_ssh bandwidth 400Kb priority 7 qlimit 20 hfsc( realtime 400Kb linkshare 800Kb upperlimit 1.60Mb )
queue g_vpn bandwidth 1.20Mb priority 5 qlimit 20 hfsc( realtime 1.20Mb upperlimit 4Mb )
queue c_alltraff bandwidth 700Kb qlimit 20 hfsc( realtime 700Kb upperlimit 700Kb ) {c_mail, c_news, c_www, c_dns, c_internal, c_ssh, c_vpn}
queue c_mail bandwidth 42Kb qlimit 20 hfsc( realtime 42Kb linkshare 70Kb upperlimit 560Kb )
queue c_news bandwidth 70Kb qlimit 20 hfsc( red realtime 70Kb upperlimit 210Kb )
queue c_www bandwidth 105Kb qlimit 20 hfsc( red realtime 105Kb linkshare 14Kb upperlimit 560Kb )
queue c_dns bandwidth 70Kb priority 6 qlimit 20 hfsc( realtime 70Kb upperlimit 280Kb )
queue c_internal bandwidth 105Kb qlimit 20 hfsc( red realtime 105Kb linkshare 14Kb upperlimit 560Kb )
queue c_ssh bandwidth 70Kb priority 7 qlimit 20 hfsc( realtime 70Kb linkshare 140Kb upperlimit 280Kb )
queue c_vpn bandwidth 210Kb priority 5 qlimit 20 hfsc( realtime 210Kb upperlimit 700Kb )
INFO:
Status: Enabled for 3 days 03:55:48 Debug: Urgent
Hostid: 0x8a1da828
State Table Total Rate
current entries 0
searches 135137892 494.4/s
inserts 0 0.0/s
removals 0 0.0/s
Counters
match 135137927 494.4/s
bad-offset 0 0.0/s
fragment 35 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 3 0.0/s
proto-cksum 0 0.0/s
state-mismatch 0 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
TIMEOUTS:
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
tcp.finwait 45s
tcp.closed 90s
tcp.tsdiff 30s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 30s
interval 10s
adaptive.start 0 states
adaptive.end 0 states
src.track 0s
LIMITS:
states hard limit 10000
src-nodes hard limit 10000
frags hard limit 5000
OS FINGERPRINTS:
345 fingerprints loaded
-------------------------------------------------------------------
In ipfw, on all interfaces I am using:
	ngtee X ip from any to any in via ifaceX
I can't run the system with INVARIANTS because it is a production server.
----- End forwarded message -----
--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE