Date:      Wed, 25 Feb 2004 14:11:51 -0800 (PST)
From:      Aloha Guy <alohaguy123@yahoo.com>
To:        freebsd-questions@freebsd.org
Cc:        freebsd-net@freebsd.org
Subject:   FreeBSD box as router adding latency
Message-ID:  <20040225221151.91486.qmail@web41306.mail.yahoo.com>


Greetings everyone:

I'm using a FreeBSD-based notebook (P4-M 2.6GHz, 2GB RAM) on the built-in 3Com 920c (905c compatible) using the xl0 driver with the firewall enabled and set to open, and rc.conf basically has:

xl0 configured as 208.204.x.224 netmask 255.255.255.0 with the alias 192.168.0.1 netmask 255.255.0.0.

natd is enabled with the natd interface as 208.204.x.224

tcp_extensions/RFC1323 is enabled
log_in_vain is set to 1
tcp_keepalive is set to YES
tcp_drop_synfin="NO"
icmp_drop_redirect="NO"
icmp_log_redirect="NO"
defaultrouter="208.201.x.1"
gateway_enable="YES"
forward_sourceroute="YES"
accept_sourceroute="YES"

I also have the following set:

# Don't respond to smurf-type icmp requests
/sbin/sysctl -w net.inet.icmp.bmcastecho=0

# Enhance Performance
/sbin/sysctl -w kern.maxfiles=65536
/sbin/sysctl -w kern.maxfilesperproc=32768
/sbin/sysctl -w kern.ipc.somaxconn=1024
/sbin/sysctl -w net.inet.ip.redirect=1
/sbin/sysctl -w net.inet6.ip6.redirect=1
/sbin/sysctl -w net.link.ether.inet.max_age=1200

The NIC is connected to a HP 2848 Managed 48 port Gigabit switch.

My rc.firewall basically has the following, which is for traffic shaping as well:

setup_loopback () {
${fwcmd} add 48 skipto 100 ip from 208.201.x.224/29 to any
${fwcmd} add 49 skipto 100 ip from any to 208.201.x.224/29
${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
${fwcmd} enable one_pass
${fwcmd} pipe 1 config bw 608Kbit/s
${fwcmd} queue 1 config pipe 1 weight 30
${fwcmd} queue 2 config pipe 1 weight 29
${fwcmd} queue 3 config pipe 1 weight 28
${fwcmd} queue 4 config pipe 1 weight 27
${fwcmd} add 63000 allow all from any to 10.0.0.0/8 out
${fwcmd} add 63001 allow all from any to 172.16.0.0/12 out
${fwcmd} add 63002 allow all from any to 192.168.0.0/16 out
${fwcmd} add 63003 allow all from any to 208.201.x.224/29 out
${fwcmd} add 63004 set 0 queue 1 tcp from any to any tcpflags ack iplen 0-80 out xmit xl0
${fwcmd} add 63005 set 0 queue 2 tcp from any to any 22,23 out xmit xl0
${fwcmd} add 63006 set 0 queue 2 udp from any to any not 80,443 out xmit xl0
${fwcmd} add 63007 set 0 queue 3 all from any to any 80,443 out xmit xl0
${fwcmd} add 63008 set 0 queue 4 all from any to any out xmit xl0
${fwcmd} add 65000 pass all from any to any

and I guess FreeBSD adds the following rule by default:

${fwcmd} add 65535 deny ip from any to any

So anyways, here is the problem. If I traceroute from the FreeBSD machine:

traceroute to yahoo.com (66.218.71.198), 64 hops max, 40 byte packets
 1 adsl-208-201-x-1.sonic.net (208.201.x.1) 7.274 ms 8.060 ms 7.384 ms
 2 fast1-0-0.border.sr.sonic.net (208.201.224.194) 8.900 ms 8.921 ms 9.584 ms
 3 fast0-0.gw.equinix-sj.sonic.net (64.142.0.14) 15.327 ms 14.889 ms 13.765 ms
 4 exchange-cust1.sjo.equinix.net (206.223.116.16) 33.692 ms 34.501 ms 33.398 ms
 5 ae0-p907.pat1.pao.yahoo.com (216.115.100.17) 19.431 ms 15.831 ms 14.858 ms
 6 vlan26.bas1.scd.yahoo.com (216.115.101.34) 15.178 ms 20.284 ms
   vlan29.bas2.scd.yahoo.com (216.115.101.38) 15.301 ms
 7 UNKNOWN-66-218-82-234.yahoo.com (66.218.82.234) 15.442 ms
   UNKNOWN-66-218-82-238.yahoo.com (66.218.82.238) 18.271 ms
   UNKNOWN-66-218-82-234.yahoo.com (66.218.82.234) 17.795 ms
 8 alteon4.68.scd.yahoo.com (66.218.68.13) 17.168 ms 23.280 ms 19.143 ms

However, if I do the same traceroute from 208.201.x.225 (Intel PRO/1000CT CSA NIC connected to the same HP switch) or 208.201.x.226 (3Com 920c (905 compatible) connected to the same HP switch), it seems to add some latency and timeouts between hops 1 and 2 and beyond, which is between the FreeBSD box and the other side of the DSL link, as shown below:

Tracing route to yahoo.com [66.218.71.198] over a maximum of 30 hops:

 1 <1 ms <1 ms <1 ms adsl-208-201-x-224.sonic.net [208.201.x.224]
 2 19 ms * 8 ms adsl-208-201-x-1.sonic.net [208.201.x.1]
 3 9 ms 18 ms 10 ms fast1-0-0.border.sr.sonic.net [208.201.224.194]
 4 17 ms 14 ms 15 ms fast0-0.gw.equinix-sj.sonic.net [64.142.0.14]
 5 40 ms 34 ms 38 ms exchange-cust1.sjo.equinix.net [206.223.116.16]
 6 15 ms 16 ms 23 ms ae0-p907.pat1.pao.yahoo.com [216.115.100.17]
 7 17 ms 17 ms 18 ms vlan29.bas2.scd.yahoo.com [216.115.101.38]
 8 16 ms 18 ms 16 ms UNKNOWN-66-218-82-234.yahoo.com [66.218.82.234]
 9 18 ms 17 ms 23 ms w1.rc.vip.scd.yahoo.com [66.218.71.198]

Trace complete.

Any ideas what is causing this? Is it the xl0 driver? I ask because I've used FreeBSD machines as Ethernet routers before with a similar setup, except there was no NAT involved and they used the fxp drivers, and it never had this problem. Thanks for your help in advance!

John
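
The following is an added example, not part of the original message: a simplified first-match model of the posted ipfw rules that reports which rule numbers one outbound packet hits and which dummynet queue it is assigned to. Assumptions: the masked octet "x" is replaced by 0, natd's address rewriting at the divert rule is not modelled, and only a single pass through the ruleset is traced.

```python
import ipaddress

# Constructed stand-ins: the post masks one octet as "x"; 0 is used here.
LAN29 = ipaddress.ip_network("208.201.0.224/29")
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def within(addr, net):
    return ipaddress.ip_address(addr) in net
def out_xl0(p):
    return p["dir"] == "out" and p["if"] == "xl0"
def dport(p, ports):  # port options only match TCP/UDP packets
    return p["proto"] in ("tcp", "udp") and p.get("dport") in ports
def out_to(net):
    return lambda p: p["dir"] == "out" and within(p["dst"], net)

# (rule number, action, argument, match predicate), in the order posted.
RULES = [
    (48, "skipto", 100, lambda p: within(p["src"], LAN29)),
    (49, "skipto", 100, lambda p: within(p["dst"], LAN29)),
    (50, "divert", None, lambda p: p["if"] == "xl0"),
    (100, "allow", None, lambda p: p["if"] == "lo0"),
    (200, "deny", None, lambda p: within(p["dst"], LOOPBACK)),
    (300, "deny", None, lambda p: within(p["src"], LOOPBACK)),
    (63000, "allow", None, out_to(PRIVATE[0])),
    (63001, "allow", None, out_to(PRIVATE[1])),
    (63002, "allow", None, out_to(PRIVATE[2])),
    (63003, "allow", None, out_to(LAN29)),
    (63004, "queue", 1, lambda p: out_xl0(p) and p["proto"] == "tcp"
        and "ack" in p.get("flags", ()) and p["len"] <= 80),
    (63005, "queue", 2, lambda p: out_xl0(p) and p["proto"] == "tcp" and dport(p, (22, 23))),
    (63006, "queue", 2, lambda p: out_xl0(p) and p["proto"] == "udp" and not dport(p, (80, 443))),
    (63007, "queue", 3, lambda p: out_xl0(p) and dport(p, (80, 443))),
    (63008, "queue", 4, out_xl0),
    (65000, "allow", None, lambda p: True),
]

def trace(pkt):
    """Walk one pass of the ruleset; return (matched rule numbers, verdict)."""
    hits, floor = [], 0
    for num, action, arg, match in RULES:
        if num >= floor and match(pkt):
            hits.append(num)
            if action == "skipto":
                floor = arg  # resume at the first rule numbered >= arg
            elif action == "queue":
                return hits, f"queue {arg}"  # one_pass: not re-filtered after dummynet
            elif action != "divert":  # after divert, matching continues at the next rule
                return hits, action
    return hits, "deny"  # implicit default rule 65535
```

Each packet is a dict with `src`, `dst`, `proto`, `len`, `dir` and `if` keys, plus `dport` and `flags` for TCP/UDP; `trace()` returns the matched rule numbers and the terminating action.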


