From owner-freebsd-questions@FreeBSD.ORG Tue Mar 21 13:41:55 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 751ED16A425; Tue, 21 Mar 2006 13:41:55 +0000 (UTC) (envelope-from plk@in.nextra.sk) Received: from fw.nextra.sk (fw.nextra.sk [195.168.29.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6D02F43D5C; Tue, 21 Mar 2006 13:41:53 +0000 (GMT) (envelope-from plk@in.nextra.sk) Received: from plk.in.nextra.sk (localhost [127.0.0.1]) by fw.nextra.sk (8.13.4/8.13.4) with ESMTP id k2LDfqgZ001223; Tue, 21 Mar 2006 14:41:52 +0100 Received: (from plk@localhost) by plk.in.nextra.sk (8.13.4/8.13.4/Submit) id k2LDfqAr001222; Tue, 21 Mar 2006 14:41:52 +0100 Date: Tue, 21 Mar 2006 14:41:52 +0100 From: Bohuslav Plucinsky To: Kris Kennaway Message-ID: <20060321134152.GN20138@in.nextra.sk> References: <20060320131020.GI20138@in.nextra.sk> <20060320174409.GA72825@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060320174409.GA72825@xor.obsecurity.org> User-Agent: Mutt/1.5.11 Cc: freebsd-net@freebsd.org, freebsd-questions@freebsd.org Subject: Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: bohuslav.plucinsky@in.nextra.sk List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Mar 2006 13:41:55 -0000 Hello, here is the output from "top -S" : last pid: 1570; load averages: 0.56, 0.20, 0.10 up 0+02:59:36 14:03:53 76 processes: 4 running, 47 sleeping, 2 stopped, 23 waiting CPU states: 14.9% user, 0.0% nice, 57.4% system, 27.7% interrupt, 0.0% idle Mem: 17M Active, 6084K Inact, 14M Wired, 11M Buf, 17M Free Swap: 500M Total, 500M Free PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND 11 root 1 171 52 0K 8K RUN 173:00 39.55% idle 1414 root 1 115 0 1432K 908K RUN 0:22 39.36% natd 22 root 1 -68 -187 0K 8K WAIT 1:07 10.40% irq11: xl1 21 root 1 -68 -187 0K 8K WAIT 0:30 3.32% irq10: xl0 27 root 1 -44 -163 0K 8K WAIT 1:39 2.39% swi1: net 30 root 1 -16 0 0K 8K - 0:07 0.05% yarrow 28 root 1 -32 -151 0K 8K RUN 0:30 0.00% swi4: clock sio 540 plk 1 96 0 2140K 1844K select 0:03 0.00% screen 39 root 1 171 52 0K 8K pgzero 0:02 0.00% pagezero 550 root 1 20 0 4460K 2956K pause 0:02 0.00% tcsh 47 root 1 -16 0 0K 8K - 0:01 0.00% schedcpu 1062 plk 1 96 0 6076K 3140K select 0:01 0.00% sshd 2 root 1 -8 0 0K 8K - 0:01 0.00% g_event 4 root 1 -8 0 0K 8K - 0:01 0.00% g_down 3 root 1 -8 0 0K 8K - 0:01 0.00% g_up 447 root 1 96 0 3396K 2684K select 0:01 0.00% sendmail 1050 root 1 5 0 4440K 2928K ttyin 0:01 0.00% tcsh 1342 root 1 96 0 2336K 1616K RUN 0:01 0.00% top 41 root 1 20 0 0K 8K syncer 0:01 0.00% syncer 327 root 1 96 0 1328K 904K select 0:00 0.00% syslogd 1059 root 1 4 0 6100K 3128K sbwait 0:00 0.00% sshd 42 root 1 -4 0 0K 8K vlruwt 0:00 0.00% vnlru 40 root 1 -16 0 0K 8K psleep 0:00 0.00% bufdaemon 463 root 1 8 0 1312K 1032K nanslp 0:00 0.00% cron 7 root 1 -8 0 0K 8K - 0:00 0.00% fdc0 670 plk 1 20 0 4092K 2692K pause 0:00 0.00% tcsh 1357 root 1 96 0 3436K 2304K STOP 0:00 0.00% joe 546 plk 1 20 0 4092K 2692K pause 0:00 0.00% tcsh 542 plk 1 5 0 3996K 2576K ttyin 0:00 0.00% tcsh 1063 plk 1 20 0 3984K 2604K pause 0:00 0.00% tcsh 1067 plk 1 20 0 1928K 1556K pause 0:00 0.00% screen 25 root 1 -64 -183 0K 8K WAIT 0:00 0.00% irq14: ata0 I did try to enable DEVICE_POLLING also, but this didn't help. The CPU load decreased, but the throughput decreased from 24Mbps to 18Mbps also. I've commented out #options MROUTING #options IPFIREWALL_FORWARD #options IPFIREWALL_FORWARD_EXTENDED #options IPSTEALTH #options TCPDEBUG #options IPSEC_DEBUG #options IPSEC #options IPSEC_ESP (it's not necessary for me in this time), but it has no impact to this problem. The throughput is still low. I've tried PF, suggested by Martin Hudec and it seems that PF does not have this performance problem. I like IPFW, I use it since year 1999, but probably is time to switch to PF. Thanks all for their reply. Regards, Bohus On Mon, Mar 20, 2006 at 12:44:09PM -0500, Kris Kennaway wrote: > On Mon, Mar 20, 2006 at 02:10:20PM +0100, Bohuslav Plucinsky wrote: > > > The "top" utility shows 100% CPU load: > > What about top -S to show the kernel threads (since that's what's > using 90% of your CPU)? > > > last pid: 771; load averages: 0.25, 0.06, 0.02 up 0+00:24:30 14:08:32 > > 27 processes: 2 running, 25 sleeping > > CPU states: 8.8% user, 0.0% nice, 59.6% system, 31.6% interrupt, 0.0% idle > > Mem: 16M Active, 4752K Inact, 11M Wired, 8144K Buf, 22M Free > > Swap: 500M Total, 500M Free > > > > PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND > > 229 root 1 105 0 1428K 904K RUN 0:35 40.82% natd > > > options MROUTING # Multicast routing > > Do you actually use this? > > > options IPFIREWALL #firewall > > options IPFIREWALL_VERBOSE #print information about dropped packets > > options IPFIREWALL_FORWARD #enable transparent proxy support > > options IPFIREWALL_FORWARD_EXTENDED #all packet dest changes > > options IPSTEALTH #support for stealth forwarding > > options IPDIVERT #divert sockets > > options TCPDEBUG > > options IPSEC_DEBUG #debug for IP security > > Why do you define the DEBUG settings? They'll only slow you down, but > it's probably not the main reason. > > > options DUMMYNET > > options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN > > options INCLUDE_CONFIG_FILE # Include this file in kernel > > options IPSEC #IP security > > options IPSEC_ESP #IP security (crypto; define w/ IPSEC) > > Better to use fast ipsec unless you have a need for ipv6. > > Kris