Pf in 4.11

Chris Dionissopoulos dionch at freemail.gr
Thu May 12 11:16:47 PDT 2005 

My 2 cents:

1. 5000 qlimit packets is a HUGE value:
This means, that your buffer is 5000 x 1000( avg. mtu) = 5mbytes.
For 20Mbps queue-speed, it takes 32000 ms (32sec) to fill and then
letting altq decide for adding or not  (0.1-500 ms) delays.
Doesn't makes sense, eh?
Try a more reasonable value of 50 for speeds 10-100MBps.

2.Try enabling red (or rio) in "queue1". This early detects "queue1" 
congestion and drops packets before queue rate limit reached.


Tell us, if you have a better 'queue0' behavior with these changes.

Chris.

> 
> When queue1 starts pushing it's maximum bandwidth, queue0(the default) 
> seems to choke and services become unavailable from the outside.  I cut 
> back queue1 by about 7 mbit/s and it has cleared it up for the most 
> part.  Not completely though.  Here's what I think is the relevant info, 
> let me know if you need anything else:
> 
> The box:
> CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz (1999.78-MHz 686-class CPU)
> real memory  = 1071906816 (1022 MB)
> avail memory = 1039392768 (991 MB)
> fxp0-6, only 0, and 1 are being used, the others are for future 
> projects, like pfsync, and some dmz type stuff.
> 
> pf configuration:
> set limit { states 100000, frags 5000 }
> set loginterface $ext_if
> set block-policy drop
> all other options are default
> 
> queue configuration:
> altq on $ext_if bandwidth 25Mb cbq queue { queue0, queue1 }
> queue queue0 bandwidth 8Mb priority 4 qlimit 150 cbq(default, borrow)
> queue queue1 bandwidth 12Mb qlimit 5000
> the additional bandwidth that is not included in the queues should be 
> added to queue1 but when that is done, it causes problems.  At high 
> traffic times, queue will use ALL of its bandwidth and queue0 usually 
> only uses 3-5megs.
> 
> There is no nat or anything running on this firewall.  Public IP 
> addresses outside and inside.  I would rather not revert to 4.x if 
> possible but I can't have this machine unstable.
> 
> Thanks,
> Chris
> 
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"

____________________________________________________________________
http://www.freemail.gr - äùñåÜí õðçñåóßá çëåêôñïíéêïý ôá÷õäñïìåßïõ.
http://www.freemail.gr - free email service for the Greek-speaking.

More information about the freebsd-pf mailing list