Date: Tue, 8 Mar 2005 01:52:05 +0100 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Subject: Re: nat / rdr timeouts? Message-ID: <200503080152.11837.max@love2party.net> In-Reply-To: <BAY24-F208A7E1EA7876ABE868203CC500@phx.gbl> References: <BAY24-F208A7E1EA7876ABE868203CC500@phx.gbl>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart4222114.KWxldEHC5O
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
On Tuesday 08 March 2005 01:28, Stephane Raimbault wrote:
> Okay, I setup an OpenBSD 3.6 box with pf today as a test and I can not
> replicate the problem with OpenBSD.
>
> In fact, running the ab test returned MUCH beter results in terms of times
> to return the page and according to top the cpu barely budged when running
> the test on the openbsd pf box. However running top on the freebsd pf box
> I clearly see a spike in cpu traffic as the cpu idle drops to 0% for a
> second.
>
>
> I'm currently running RELENG_5 on the freebsd box from this weekend... are
> there some debugging stuff turned on in the kernel that would explain the
> performance diffrence?
>
> I tried to replicate the test as closely as possible however there are so=
me
> subtle diffrences in my test.
>
> OpenBSD test
>
> PowerBook laptop (running ab) to an IP on the local network (openbsd ext
> interface (vlan0)) thru to the same openbsd box int interface (vlan1) to
> the web servers (10.0.11.16 and 10.0.11.17).
>
> FreeBSD Test
>
> IBM server running freebsd (ab) to an IP on it's local network (freebsd e=
xt
> interface (em0) thru to the same freebsd box int interface (em1) to the w=
eb
> severs (10.0.11.16 and 10.0.11.17).
>
> network wise it should be pretty much the same. The only thing that came
> to mind, maybe it's because the powerbook is a better box then the IBM
> server running freebsd ? but then seeing the CPU idle time and comparing
> the Freebsd +pf and the OpenBSD +pf being so diffrent... I ponder my
> question.
>
>
> Hope this makes sense. Let me know if there is any other data I can
> provide ?
I don't fully understand how your setup looks like. Where are you running =
ab=20
from? Is there a dedicated box you run it on or are you running it on/from=
=20
the redirecting box itself? Could you get the following setup realized:
/----- OpenBSD ----\ WWW_1
| | / WWW_2
ab Client ---+ +-----+- ...
| | \ WWW_N
\----- FreeBSD ----/
It does not matter (too much) how the gateways are connected to the client =
and=20
the servers, what matters is that the client and the servers are the same f=
or=20
both tests. I suspect that (if you were running ab from the FreeBSD server=
)=20
you discovered a bug in FreeBSD's socket/tcp code much rather than in pf. =
=20
Please let me know if I misunderstood something and explain your test setup=
=20
with a bit more detail.
Thanks a lot in advance.
<snipp - it is linewarpping as hell, anyway>
=2D-=20
/"\ Best regards, | mlaier@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
--nextPart4222114.KWxldEHC5O
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
iD8DBQBCLPc7XyyEoT62BG0RAsrSAJ41D1dxIiOsQwMEo2pbK99IcG5hswCfWmeZ
NTiCF0pUiiz7fzdbTcl9yVI=
=eY3L
-----END PGP SIGNATURE-----
--nextPart4222114.KWxldEHC5O--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503080152.11837.max>