Message-ID: <3aaaa3a05030313363a2d31be@mail.gmail.com>
Date: Thu, 3 Mar 2005 21:36:59 +0000
From: Chris
To: freebsd-stable@freebsd.org
Subject: possible ideas for new GENERIC kernel on UP systems
List-Id: Production branch of FreeBSD source code

I made a post earlier in the month about my concerns with 5.3 and I referred to 2 of my servers having tcp lockups, but on the most problematic service I made some changes to the kernel and so far it has been running very well network wise.

9:26PM up 28 days, 1:01, 1 user, load averages: 0.16, 0.17, 0.16
FreeBSD 5.3-STABLE #0: Thu Feb 3 15:48:42 GMT 2005

Now the server is a Celeron 2GHz with a Realtek network card on a 100mbit connection. Its average load is 1500 simultaneous connections, it handles average sustained traffic of 0.5mbit-1mbit/sec and often has to burst to over 20mbit. During this time it has also taken around half a dozen DDoS attacks using 100% network utilisation.

My kernel config (not full paste but what's diff to normal GENERIC)

cpu I686_CPU (others removed)
options AHC_REG_PRETTY_PRINT - disabled
options AHD_REG_PRETTY_PRINT - disabled
options ADAPTIVE_GIANT - disabled (*)
device apic - disabled (*)
device sl - disabled
device ppp - disabled

new options

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=50
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_FORWARD
options IPDIVERT
options IPSTEALTH
options DUMMYNET
options TCP_DROP_SYNFIN
options HZ=1000
options NO_ADAPTIVE_MUTEXES (*)
options CPU_ENABLE_SSE
options SC_DISABLE_REBOOT
options SC_NO_HISTORY
options DEVICE_POLLING

* = I think these 3 things are what has greatly improved the stability of the server; the other changes listed are for different reasons other than stability, but I showed them so others know what I am running with.

Are adaptive_giant and adaptive mutexes advantageous to UP systems?

Note - also hardware devices disabled in kernel not in server, device polling in kernel but not activated, cpu_enable_sse probably useless line.