Pf and altq performance problems
Christopher McGee
chris at xecu.net
Tue Apr 26 10:17:33 PDT 2005
I apologize if this is the wrong list for this, but if it is, please let
me know. The firewall in question has 6 intel pro 100+ cards
installed. Only 2 are in use, the others are for future projects once
this thing is working the way it should be. The public interface has 1
publicly routable IP from a /29 and the private interface handles 2
class C's that are publicly routable. Basically when queue1 on my
firewall starts pushing the full amount of bandwidth, things that use
the dflt queue become unreachable or VERY slow. The dflt queue NEVER
uses it's full amount of bandwidth, generally around 3mbit/s on
average. I have tried limiting queue1 to 12Mb/s and it seemed to
alleviate some of the problem, but we still get the occasional
unreachable server message. I'm starting to think this is just an
inherent problem in FreeBSD 5.3. Maybe I just need to upgrade to 5.4
when it is released, but I don't think there were many pf updates in
that release. This machine used to run ipfw and did it pretty much
flawlessly with the full 25 Mb of bandwidth. Here's what I think is the
relevant information, let me know if more information is needed:
firewall# pfctl -s queue
queue root_fxp0 bandwidth 25Mb priority 0 cbq( wrr root ) {dflt, queue1}
queue dflt bandwidth 8Mb priority 4 qlimit 150 cbq( borrow default )
queue queue1 bandwidth 17Mb qlimit 3500
firewall# pfctl -vvsq
queue root_fxp0 bandwidth 25Mb priority 0 cbq( wrr root ) {dflt, queue1}
[ pkts: 93469435 bytes: 57111963278 dropped pkts: 0
bytes: 0 ]
[ qlength: 0/ 50 borrows: 0 suspends: 0 ]
queue dflt bandwidth 8Mb priority 4 qlimit 150 cbq( borrow default )
[ pkts: 47160837 bytes: 20420146684 dropped pkts: 294 bytes:
105068 ]
[ qlength: 0/150 borrows: 2667554 suspends: 237 ]
queue queue1 bandwidth 12Mb qlimit 3500
[ pkts: 46308598 bytes: 36691816594 dropped pkts: 5236343 bytes:
4887084090 ]
[ qlength: 0/3500 borrows: 0 suspends: 13971654 ]
queue root_fxp0 bandwidth 25Mb priority 0 cbq( wrr root ) {dflt, queue1}
[ pkts: 93472817 bytes: 57113671748 dropped pkts: 0
bytes: 0 ]
[ qlength: 0/ 50 borrows: 0 suspends: 0 ]
[ measured: 676.4 packets/s, 2.73Mb/s ]
queue dflt bandwidth 8Mb priority 4 qlimit 150 cbq( borrow default )
[ pkts: 47163588 bytes: 20421636153 dropped pkts: 294 bytes:
105068 ]
[ qlength: 0/150 borrows: 2667640 suspends: 237 ]
[ measured: 550.2 packets/s, 2.38Mb/s ]
queue queue1 bandwidth 12Mb qlimit 3500
[ pkts: 46309229 bytes: 36692035595 dropped pkts: 5236343 bytes:
4887084090 ]
[ qlength: 0/3500 borrows: 0 suspends: 13971654 ]
[ measured: 126.2 packets/s, 350.40Kb/s ]
queue root_fxp0 bandwidth 25Mb priority 0 cbq( wrr root ) {dflt, queue1}
[ pkts: 93475932 bytes: 57115159111 dropped pkts: 0
bytes: 0 ]
[ qlength: 0/ 50 borrows: 0 suspends: 0 ]
[ measured: 649.7 packets/s, 2.56Mb/s ]
queue dflt bandwidth 8Mb priority 4 qlimit 150 cbq( borrow default )
[ pkts: 47166144 bytes: 20422995656 dropped pkts: 294 bytes:
105068 ]
[ qlength: 0/150 borrows: 2667788 suspends: 237 ]
[ measured: 530.7 packets/s, 2.28Mb/s ]
queue queue1 bandwidth 12Mb qlimit 3500
[ pkts: 46309788 bytes: 36692163455 dropped pkts: 5236343 bytes:
4887084090 ]
[ qlength: 0/3500 borrows: 0 suspends: 13971657 ]
[ measured: 119.0 packets/s, 277.49Kb/s ]
More information about the freebsd-pf
mailing list