possible ideas for new GENERIC kernel on UP systems

Chris chrcoluk at gmail.com
Thu Mar 3 21:37:23 GMT 2005

I made a post earlier in the month about my concerns with 5.3 and I
reffered to 2 of my servers having tcp lockups, but on the most
problematic service I made some changes to the kernel and so far it
has been running very good network wise.

 9:26PM  up 28 days,  1:01, 1 user, load averages: 0.16, 0.17, 0.16
FreeBSD 5.3-STABLE #0: Thu Feb  3 15:48:42 GMT 2005

Now the server is a celeron 2ghz realtek network card on a 100mbit
connection, its average load is 1500 simultaneous connections, handles
average sustained traffic of 0.5mbit-1mbit/sec and often has to burst
to over 20mbit.  During this time it has also taken around half a
dozen DDOS attacks using 100% network utilisation.

My kernel config (not full paste but whats diff to normal GENERIC)

cpu             I686_CPU (others removed)

options        AHC_REG_PRETTY_PRINT - disabled
options        AHD_REG_PRETTY_PRINT - disabled
options        ADAPTIVE_GIANT - disabled (*)
device         apic - disabled (*)
device         sl - disabled
device         ppp - disabled

new options
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_FORWARD
options         IPDIVERT
options         IPSTEALTH
options         DUMMYNET
options         TCP_DROP_SYNFIN
options         HZ=1000
options         NO_ADAPTIVE_MUTEXES (*)
options         CPU_ENABLE_SSE
options         SC_DISABLE_REBOOT
options         SC_NO_HISTORY
options         DEVICE_POLLING

* = I think these 3 things are what has greatly improved the stability
of the server, the other changes listed are for different reasons
other then stability but I showed them so others know what I am
running with.  Are adaptive_giant and adaptive mutexes advantageous to
UP systems?

Note - also hardware devices disabled in kernel not in server, device
polling in kernel but not activated, cpu_enable_sse probably useless

More information about the freebsd-stable mailing list