freebsd router

Michael K. Smith - Adhost mksmith at adhost.com
Wed Sep 29 21:47:02 UTC 2010


Here are my settings for a box doing about 100 Mb/sec.  I just included the values that are different than yours.

kern.ipc.somaxconn: 32768
net.inet.ip.check_interface: 0
net.inet.ip.fastforwarding: 0
net.inet.ip.portrange.first: 49152
net.inet.ip.rtexpire: 3600
net.inet.ip.rtmaxcache: 128
net.inet.ip.rtminexpire: 10
net.inet.ip.ttl: 64
net.inet.tcp.delacktime: 100
net.inet.tcp.drop_synfin: 0
net.inet.tcp.fast_finwait2_recycle: 0
net.inet.tcp.icmp_may_rst: 1
net.inet.icmp.icmplim: 2000
net.inet.tcp.msl: 30000
net.inet.tcp.rfc1323: 1
net.inet.tcp.inflight.enable: 0
net.inet.tcp.recvspace: 65536
net.inet.tcp.sendspace: 65536
net.inet.udp.maxdgram: 57344
net.inet.udp.recvspace: 65536
net.inet.raw.maxdgram: 9216
net.inet.raw.recvspace: 9216
net.local.dgram.maxdgram: 2048
net.local.dgram.recvspace: 4096
net.local.stream.sendspace: 8192
net.local.stream.recvspace: 65536
net.inet.tcp.local_slowstart_flightsize: 4
net.inet.tcp.nolocaltimewait: 0
vfs.read_max: 8

In addition, we set:

net.inet.tcp.mssdflt=1460
kern.ipc.maxsockbuf=16777216
kern.ipc.nmbclusters=32768
kern.maxfiles=65536
kern.maxfilesperproc=32768
kern.maxvnodes=600000
net.inet.tcp.path_mtu_discovery=0
net.inet.tcp.recvbuf_auto=1
net.inet.tcp.recvbuf_inc=16384
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.sendbuf_inc=8192
net.inet.tcp.sendbuf_max=16777216

Regards,

Mike


--
Michael K. Smith - CISSP, GSEC, GISP
Chief Technical Officer - Adhost Internet LLC mksmith at adhost.com
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3  08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)


> -----Original Message-----
> From: owner-freebsd-performance at freebsd.org [mailto:owner-freebsd-performance at freebsd.org] On Behalf Of Samuel Martín Moro
> Sent: Wednesday, September 29, 2010 1:45 PM
> To: freebsd-performance at freebsd.org
> Subject: freebsd router
> 
> Hi,
> 
> 
> I'm trying to replace my (dying) gateway with a qnap ts-509 (1G DDR, celeron
> m420 1.6 GHz).
> I'm using mfsBSD, based on FreeBSD-RELEASE-8.1 amd64.
> It's almost ready (zfs, nfs, dns, pf, ...), I'm checking everything's OK to
> swap the gate.
> 
> 
> I noticed that opening a new connection to a distant or local computer is
> (very) slow.
> After that, everything works perfectly fine.
> So I had a look at sysctl, and tried to fix that problem.
> 
> Now, when I start a ping on a client from my network (disabled on the gate),
> I have something like that:
> faust at alpha ~ : time ping -c 4 google.com
> PING google.com (66.249.92.104) 56(84) bytes of data.
> 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=1 ttl=53 time=7.12 ms
> 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=2 ttl=53 time=7.32 ms
> 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=3 ttl=53 time=7.18 ms
> 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=4 ttl=53 time=7.18 ms
> 
> --- google.com ping statistics ---
> 4 packets transmitted, 4 received, 0% packet loss, time 15034ms
> rtt min/avg/max/mdev = 7.126/7.205/7.329/0.128 ms
> 0.000u 0.000s 0:25.08 0.0% 0+0k 0+0io 0pf+0w
> 
> 
> So, it takes 5 seconds to display the first line (connect), and then 5
> seconds per ping.
> 25 seconds, for 4 pings...
> Obviously, my tries don't make it work any better...
> 
> 
> I found some infos here <http://people.freebsd.org/~hmp/utilities/satbl/sysctl-net.html>,
> here <http://www.freebsd.org/doc/handbook/configtuning-kernel-limits.html>,
> there <http://silverwraith.com/papers/freebsd-ddos.php> and
> there <http://www.freebsdblog.org/52/sysctlconf-sample/>
> But I'm still not sure about the tuning implications for most of those vars.
> 
> 
> 
> Here is my sysctl.conf:
> kern.coredump=0
> kern.ipc.somaxconn=4096
> 
> net.inet.ip.check_interface=1
> net.inet.ip.fastforwarding=1
> net.inet.ip.forwarding=1
> net.inet.ip.portrange.first=1024
> net.inet.ip.portrange.last=65535
> net.inet.ip.rtexpire=2
> net.inet.ip.rtmaxcache=256
> net.inet.ip.rtminexpire=2
> net.inet.ip.ttl=42
> 
> net.inet.udp.blackhole=1
> net.inet.tcp.blackhole=2
> net.inet.tcp.delacktime=42
> net.inet.tcp.delayed_ack=0
> net.inet.tcp.drop_synfin=1
> net.inet.tcp.fast_finwait2_recycle=1
> net.inet.tcp.icmp_may_rst=0
> net.inet.icmp.icmplim=42
> net.inet.tcp.ecn.enable=1
> net.inet.tcp.msl=5000
> net.inet.tcp.rfc1323=0
> 
> net.inet.tcp.inflight.enable=1
> net.inet.tcp.inflight.max=1073725440
> net.inet.tcp.inflight.stab=20
> net.inet.tcp.inflight.min=1024
> 
> net.inet.tcp.recvspace=82320
> net.inet.tcp.sendspace=82320
> net.inet.udp.maxdgram=82320
> net.inet.udp.recvspace=82320
> net.inet.raw.maxdgram=82320
> net.inet.raw.recvspace=82320
> net.local.dgram.maxdgram=82320
> net.local.dgram.recvspace=82320
> net.local.stream.sendspace=82320
> net.local.stream.recvspace=82320
> net.inet.tcp.local_slowstart_flightsize=10
> net.inet.tcp.nolocaltimewait=1
> 
> vfs.read_max=32
> 
> 
> 
> 
> So, I was wondering, is something wrong in there?
> Or should I keep looking somewhere else?
> Where?
> 
> 
> 
> Thanks for your help,
> 
> --
> Samuel Martín Moro
> {EPITECH.} tek5
> _______________________________________________
> freebsd-performance at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-performance
> To unsubscribe, send any mail to "freebsd-performance-unsubscribe at freebsd.org"
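
As an added example (not part of either message): a small Python script that compares two sysctl listings the way the reply does by hand, accepting both the `name: value` form printed by `sysctl` and the `name=value` form used in sysctl.conf, with or without a leading `>` quote marker. The sample inputs are a constructed subset of the values in this thread, and the function names are illustrative.

```python
import re

# Constructed samples: a subset of the two listings in this thread.
REPLY = """\
net.inet.ip.ttl: 64
net.inet.tcp.drop_synfin: 0
net.inet.tcp.icmp_may_rst: 1
net.inet.icmp.icmplim: 2000
net.inet.tcp.rfc1323: 1
net.inet.tcp.path_mtu_discovery=0
"""
ORIGINAL = """\
kern.coredump=0
net.inet.ip.ttl=42
net.inet.udp.blackhole=1
net.inet.tcp.blackhole=2
net.inet.tcp.drop_synfin=1
net.inet.tcp.icmp_may_rst=0
net.inet.icmp.icmplim=42
net.inet.tcp.rfc1323=0
"""

# A dotted OID, then ':' or '=', then the value; an optional '>' allows quoted mail.
LINE = re.compile(
    r"^\s*(?:>\s*)?([A-Za-z0-9_]+(?:\.[A-Za-z0-9_%-]+)+)\s*[:=]\s*(\S.*?)\s*$")

def parse(text):
    """Return {oid: value} from sysctl output or sysctl.conf text."""
    settings = {}
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0])   # drop sysctl.conf comments
        if m:
            settings[m.group(1)] = m.group(2)  # a later line overrides an earlier one
    return settings

def compare(a, b):
    """Split OIDs into changed / only in a / only in b."""
    changed = {k: (a[k], b[k]) for k in a.keys() & b.keys() if a[k] != b[k]}
    only_a = {k: a[k] for k in a.keys() - b.keys()}
    only_b = {k: b[k] for k in b.keys() - a.keys()}
    return changed, only_a, only_b

def report(a_text, b_text, a_name="original", b_name="reply"):
    """Return one human-readable line per difference, sorted by OID."""
    changed, only_a, only_b = compare(parse(a_text), parse(b_text))
    out = [f"{k}: {a_name}={x} {b_name}={y}" for k, (x, y) in sorted(changed.items())]
    out += [f"{k}: only in {a_name} ({v})" for k, v in sorted(only_a.items())]
    out += [f"{k}: only in {b_name} ({v})" for k, v in sorted(only_b.items())]
    return out

if __name__ == "__main__":
    print("\n".join(report(ORIGINAL, REPLY)))
```
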

