Date: Thu, 12 May 2005 21:16:07 +0300
From: "Chris Dionissopoulos" <dionch@freemail.gr>
To: "Christopher McGee" <chris@xecu.net>, "Richard Tector" <richardtector@thekeelecentre.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Pf in 4.11
Message-ID: <00b401c5571e$b0f46810$0100000a@R3B>
References: <42838344.4050608@xecu.net> <428384A1.80608@thekeelecentre.com> <42838FA8.9080704@xecu.net>

My 2 cents:

1. 5000 qlimit packets is a HUGE value:
   This means that your buffer is 5000 x 1000 (avg. mtu) = 5mbytes.
   For 20Mbps queue-speed, it takes 32000 ms (32sec) to fill and then
   letting altq decide for adding or not (0.1-500 ms) delays.
   Doesn't make sense, eh?
   Try a more reasonable value of 50 for speeds 10-100MBps.

2. Try enabling red (or rio) in "queue1".
   This early detects "queue1" congestion and drops packets
   before queue rate limit reached.

Tell us if you have a better 'queue0' behavior with these changes.

Chris.

>
> When queue1 starts pushing its maximum bandwidth, queue0 (the default)
> seems to choke and services become unavailable from the outside. I cut
> back queue1 by about 7 mbit/s and it has cleared it up for the most
> part. Not completely though. Here's what I think is the relevant info,
> let me know if you need anything else:
>
> The box:
> CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz (1999.78-MHz 686-class CPU)
> real memory = 1071906816 (1022 MB)
> avail memory = 1039392768 (991 MB)
> fxp0-6, only 0, and 1 are being used, the others are for future
> projects, like pfsync, and some dmz type stuff.
>
> pf configuration:
> set limit { states 100000, frags 5000 }
> set loginterface $ext_if
> set block-policy drop
> all other options are default
>
> queue configuration:
> altq on $ext_if bandwidth 25Mb cbq queue { queue0, queue1 }
> queue queue0 bandwidth 8Mb priority 4 qlimit 150 cbq(default, borrow)
> queue queue1 bandwidth 12Mb qlimit 5000
> The additional bandwidth that is not included in the queues should be
> added to queue1 but when that is done, it causes problems. At high
> traffic times, queue will use ALL of its bandwidth and queue0 usually
> only uses 3-5megs.
>
> There is no nat or anything running on this firewall. Public IP
> addresses outside and inside. I would rather not revert to 4.x if
> possible but I can't have this machine unstable.
>
> Thanks,
> Chris
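
The two suggestions in the reply above, applied to the queue configuration quoted in the message. This is an added example, not part of the original e-mail; the ext_if value is an assumption, since the message only says that fxp0 and fxp1 are in use.

```conf
# pf.conf queue section (added example, not from the original message)
ext_if = "fxp0"   # assumption: the message does not say which fxp is external

# As posted in the quoted message:
#   altq on $ext_if bandwidth 25Mb cbq queue { queue0, queue1 }
#   queue queue0 bandwidth 8Mb priority 4 qlimit 150 cbq(default, borrow)
#   queue queue1 bandwidth 12Mb qlimit 5000

# With the reply's two suggestions applied to queue1:
#   qlimit lowered from 5000 to 50, and RED enabled through the cbq options
altq on $ext_if bandwidth 25Mb cbq queue { queue0, queue1 }
queue queue0 bandwidth 8Mb priority 4 qlimit 150 cbq(default, borrow)
queue queue1 bandwidth 12Mb qlimit 50 cbq(red)

# Check the syntax without loading the ruleset:
#   pfctl -nf /etc/pf.conf
# Watch per-queue packet, drop and queue-length counters while queue1 is busy:
#   pfctl -vvs queue
```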