IPFW MAX RULES COUNT PERFORMANCE

Payam Chychi pchychi at gmail.com
Sun May 3 20:55:06 UTC 2009


On Sun, May 3, 2009 at 7:26 AM, Fabian Wenk <fabian at wenks.ch> wrote:
> Hello Daniel
>
> On 27.04.09 18:19, Daniel Dias Gonçalves wrote:
>>
>> What may be happening? I'm with polling enabled on all interfaces, can
>> you influence?
>
>> If I disable the polling, no network interface work, begins to display
>> "em4 watchdog timeout".
>
> If you are using polling on the Ethernet interfaces you need to increase the
> HZ to around 2000 - 5000 (more details in the polling(4) manpage). Set it
> either in the /boot/loader.conf with "kern.hz=5000" and reboot or in the
> kernel config with "options HZ=5000" and rebuild kernel and reboot.
>
>
> bye
> Fabian

What I never understood is why run ACL and accounting on the same box
and kill your network? Run one box for ACL building and another on a
span (monitor port) to do accounting on the site.  For your span port,
do both RX/TX so you can see bi-directional, and since this is done on
the network layer, you will not have as much latency... maybe 10%, if
even that.

-- 
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer

