Date: Wed, 29 Sep 2010 14:31:16 -0700 From: "Michael K. Smith - Adhost" <mksmith@adhost.com> To: =?iso-8859-1?Q?Samuel_Mart=EDn_Moro?= <faust64@gmail.com>, <freebsd-performance@freebsd.org> Subject: RE: freebsd router Message-ID: <17838240D9A5544AAA5FF95F8D52031608F04693@ad-exh01.adhost.lan> In-Reply-To: <AANLkTim1XueAwOgjoKXiFh_epcx8m12mzgD%2BpNoR5y_u@mail.gmail.com> References: <AANLkTim1XueAwOgjoKXiFh_epcx8m12mzgD%2BpNoR5y_u@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Here are my settings for a box doing about 100 Mb/sec. I just included = the values that are different than yours. kern.ipc.somaxconn: 32768 net.inet.ip.check_interface: 0 net.inet.ip.fastforwarding: 0 net.inet.ip.portrange.first: 49152 net.inet.ip.rtexpire: 3600 net.inet.ip.rtmaxcache: 128 net.inet.ip.rtminexpire: 10 net.inet.ip.ttl: 64 net.inet.tcp.delacktime: 100 net.inet.tcp.drop_synfin: 0 net.inet.tcp.fast_finwait2_recycle: 0 net.inet.tcp.icmp_may_rst: 1 net.inet.icmp.icmplim: 2000 net.inet.tcp.msl: 30000 net.inet.tcp.rfc1323: 1 net.inet.tcp.inflight.enable: 0 net.inet.tcp.recvspace: 65536 net.inet.tcp.sendspace: 65536 net.inet.udp.maxdgram: 57344 net.inet.udp.recvspace: 65536 net.inet.raw.maxdgram: 9216 net.inet.raw.recvspace: 9216 net.local.dgram.maxdgram: 2048 net.local.dgram.recvspace: 4096 net.local.stream.sendspace: 8192 net.local.stream.recvspace: 65536 net.inet.tcp.local_slowstart_flightsize: 4 net.inet.tcp.nolocaltimewait: 0 vfs.read_max: 8 In addition, we set: net.inet.tcp.mssdflt=3D1460 kern.ipc.maxsockbuf=3D16777216 kern.ipc.nmbclusters=3D32768 kern.maxfiles=3D65536 kern.maxfilesperproc=3D32768 kern.maxvnodes=3D600000 net.inet.tcp.path_mtu_discovery=3D0 net.inet.tcp.recvbuf_auto=3D1 net.inet.tcp.recvbuf_inc=3D16384 net.inet.tcp.recvbuf_max=3D16777216 net.inet.tcp.sendbuf_auto=3D1 net.inet.tcp.sendbuf_inc=3D8192 net.inet.tcp.sendbuf_max=3D16777216 Regards, Mike -- Michael K. Smith - CISSP, GSEC, GISP Chief Technical Officer - Adhost Internet LLC mksmith@adhost.com w: +1 (206) 404-9500 f: +1 (206) 404-9050 PGP: B49A DDF5 8611 27F3 08B9 84BB E61E 38C0 (Key ID: 0x9A96777D) > -----Original Message----- > From: owner-freebsd-performance@freebsd.org [mailto:owner-freebsd- > performance@freebsd.org] On Behalf Of Samuel Mart=EDn Moro > Sent: Wednesday, September 29, 2010 1:45 PM > To: freebsd-performance@freebsd.org > Subject: freebsd router >=20 > Hi, >=20 >=20 > I'm trying to replace my (dying) gateway with a qnap ts-509 (1G DDR, = celeron > m420 1.6Ghzs). > I'm using mfsBSD, based on FreeBSD-RELEASE-8.1 amd64. > It's almost ready (zfs, nfs, dns, pf, ...), I'm checking everything's = OK to > swap the gate. >=20 >=20 > I noticed that opening a new connection to distant or local computer = is > (very) slow. > After that, everything works perfectly fine. > So I had a look at sysctl, and tried to fix that problem. >=20 > Now, when I start a ping on a client from my network (disabled on the = gate), > I have something like that: > faust@alpha ~ : time ping -c 4 google.com > PING google.com (66.249.92.104) 56(84) bytes of data. > 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=3D1 = ttl=3D53 > time=3D7.12 ms > 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=3D2 = ttl=3D53 > time=3D7.32 ms > 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=3D3 = ttl=3D53 > time=3D7.18 ms > 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=3D4 = ttl=3D53 > time=3D7.18 ms >=20 > --- google.com ping statistics --- > 4 packets transmitted, 4 received, 0% packet loss, time 15034ms > rtt min/avg/max/mdev =3D 7.126/7.205/7.329/0.128 ms > 0.000u 0.000s 0:25.08 0.0% 0+0k 0+0io 0pf+0w >=20 >=20 > So, it takes 5 seconds to display the first line (connect), and then 5 > second per ping. > 25 seconds, for 4 pings... > Obviously, my tries doesn't make it work any better... >=20 >=20 > I found some infos > here<http://people.freebsd.org/~hmp/utilities/satbl/sysctl-net.html>; > , here <http://www.freebsd.org/doc/handbook/configtuning-kernel- > limits.html> > , there <http://silverwraith.com/papers/freebsd-ddos.php>; and > there<http://www.freebsdblog.org/52/sysctlconf-sample/>; > But I'm still not sure about the tuning implications for most of those = vars. >=20 >=20 >=20 > Here is my sysctl.conf: > kern.coredump=3D0 > kern.ipc.somaxconn=3D4096 >=20 > net.inet.ip.check_interface=3D1 > net.inet.ip.fastforwarding=3D1 > net.inet.ip.forwarding=3D1 > net.inet.ip.portrange.first=3D1024 > net.inet.ip.portrange.last=3D65535 > net.inet.ip.rtexpire=3D2 > net.inet.ip.rtmaxcache=3D256 > net.inet.ip.rtminexpire=3D2 > net.inet.ip.ttl=3D42 >=20 > net.inet.udp.blackhole=3D1 > net.inet.tcp.blackhole=3D2 > net.inet.tcp.delacktime=3D42 > net.inet.tcp.delayed_ack=3D0 > net.inet.tcp.drop_synfin=3D1 > net.inet.tcp.fast_finwait2_recycle=3D1 > net.inet.tcp.icmp_may_rst=3D0 > net.inet.icmp.icmplim=3D42 > net.inet.tcp.ecn.enable=3D1 > net.inet.tcp.msl=3D5000 > net.inet.tcp.rfc1323=3D0 >=20 > net.inet.tcp.inflight.enable=3D1 > net.inet.tcp.inflight.max=3D1073725440 > net.inet.tcp.inflight.stab=3D20 > net.inet.tcp.inflight.min=3D1024 >=20 > net.inet.tcp.recvspace=3D82320 > net.inet.tcp.sendspace=3D82320 > net.inet.udp.maxdgram=3D82320 > net.inet.udp.recvspace=3D82320 > net.inet.raw.maxdgram=3D82320 > net.inet.raw.recvspace=3D82320 > net.local.dgram.maxdgram=3D82320 > net.local.dgram.recvspace=3D82320 > net.local.stream.sendspace=3D82320 > net.local.stream.recvspace=3D82320 > net.inet.tcp.local_slowstart_flightsize=3D10 > net.inet.tcp.nolocaltimewait=3D1 >=20 > vfs.read_max=3D32 >=20 >=20 >=20 >=20 > So, I was wondering, is something wrong in there? > Or should I keep looking somewhere else? > Where? >=20 >=20 >=20 > Thanks for your help, >=20 > -- > Samuel Mart=EDn Moro > {EPITECH.} tek5 > _______________________________________________ > freebsd-performance@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-performance > To unsubscribe, send any mail to "freebsd-performance- > unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17838240D9A5544AAA5FF95F8D52031608F04693>