Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 3 Mar 2005 21:36:59 +0000
From:      Chris <chrcoluk@gmail.com>
To:        freebsd-stable@freebsd.org
Subject:   possible ideas for new GENERIC kernel on UP systems
Message-ID:  <3aaaa3a05030313363a2d31be@mail.gmail.com>
next in thread | raw e-mail | index | archive | help 
I made a post earlier in the month about my concerns with 5.3 and I
reffered to 2 of my servers having tcp lockups, but on the most
problematic service I made some changes to the kernel and so far it
has been running very good network wise.

 9:26PM  up 28 days,  1:01, 1 user, load averages: 0.16, 0.17, 0.16
FreeBSD 5.3-STABLE #0: Thu Feb  3 15:48:42 GMT 2005

Now the server is a celeron 2ghz realtek network card on a 100mbit
connection, its average load is 1500 simultaneous connections, handles
average sustained traffic of 0.5mbit-1mbit/sec and often has to burst
to over 20mbit.  During this time it has also taken around half a
dozen DDOS attacks using 100% network utilisation.

My kernel config (not full paste but whats diff to normal GENERIC)

cpu             I686_CPU (others removed)

options        AHC_REG_PRETTY_PRINT - disabled
options        AHD_REG_PRETTY_PRINT - disabled
options        ADAPTIVE_GIANT - disabled (*)
device         apic - disabled (*)
device         sl - disabled
device         ppp - disabled

new options
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=50
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPFIREWALL_FORWARD
options         IPDIVERT
options         IPSTEALTH
options         DUMMYNET
options         TCP_DROP_SYNFIN
options         HZ=1000
options         NO_ADAPTIVE_MUTEXES (*)
options         CPU_ENABLE_SSE
options         SC_DISABLE_REBOOT
options         SC_NO_HISTORY
options         DEVICE_POLLING

* = I think these 3 things are what has greatly improved the stability
of the server, the other changes listed are for different reasons
other then stability but I showed them so others know what I am
running with.  Are adaptive_giant and adaptive mutexes advantageous to
UP systems?

Note - also hardware devices disabled in kernel not in server, device
polling in kernel but not activated, cpu_enable_sse probably useless
line.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3aaaa3a05030313363a2d31be>