6.x, 4.x ipfw/dummynet pf/altq - network performance issues

Justin Robertson justin at sk1llz.net
Thu Feb 15 21:30:02 UTC 2007

Send a flood of 60-byte SYN packets with the TCP SACK option through it 
and check out what happens. It's pretty weird and I can't explain why. 
If you block the packets on the box via ipfw it's fine, the second it 
has to make a routing decision everything goes out the window, it seems. 
There's 100% packet loss on all protocols. I'm not using NAT, there are 
real IPs in different C classes on the other side of the box.

Freddie Cash wrote:
> On Thursday 15 February 2007 11:43 am, Justin Robertson wrote:
>>   Playing with these sysctl values made 0 difference - what's supposed
>> to happen???
>>   Another scary discovery - if you've got 6.2 set up to route, even with
>> static routes, 1Mbps of TCP SYN traffic will cause it to start dropping
>> packets in every direction. Awesome. Methinks I'll be using 4.11 for a
>> while. ;P
> How are you measuring that?
> We have a dual-Opteron 2 GHz box with 4 GB RAM that handles routing for 7 
> fibre-connected sites (1 Gbps fibre links but limited by the firewalls at 
> the sites to 100 Mbps) and connects to the Internet via a 1 Gbps link.
> All the routing on this box is handled via static routes, and we get a 
> sustained 10 Mbps of traffic through the box.  Nobody's complained about 
> their access (which isn't surprising since we upgraded their Internet 
> connections from a 2 Mbps shared cable connection to a dedicated 1 Gbps 
> fibre link).
> FreeBSD 6.1-p11, about 100 ipfw rules, doing NAT for 4 servers, using 2x 
> bge(4) devices and 1x fxp(4) device.


More information about the freebsd-performance mailing list