Date:      Wed, 29 Sep 2010 18:32:01 -0400
From:      Steve Polyack <korvus@comcast.net>
To:        Samuel Martín Moro <faust64@gmail.com>
Cc:        freebsd-performance@freebsd.org
Subject:   Re: freebsd router
Message-ID:  <4CA3BE61.7020702@comcast.net>
In-Reply-To: <AANLkTim1XueAwOgjoKXiFh_epcx8m12mzgD%2BpNoR5y_u@mail.gmail.com>
References:  <AANLkTim1XueAwOgjoKXiFh_epcx8m12mzgD%2BpNoR5y_u@mail.gmail.com>

  On 9/29/2010 4:44 PM, Samuel Martín Moro wrote:
> Hi,
>
>
> I'm trying to replace my (dying) gateway with a QNAP TS-509 (1G DDR, Celeron
> M420 1.6 GHz).
> I'm using mfsBSD, based on FreeBSD-RELEASE-8.1 amd64.
> It's almost ready (zfs, nfs, dns, pf, ...), I'm checking everything's OK to
> swap the gate.
>
>
> I noticed that opening a new connection to a distant or local computer is
> (very) slow.
> After that, everything works perfectly fine.
> So I had a look at sysctl, and tried to fix that problem.
>
> Now, when I start a ping on a client from my network (disabled on the gate),
> I have something like that:
> faust@alpha ~ : time ping -c 4 google.com
> PING google.com (66.249.92.104) 56(84) bytes of data.
> 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=1 ttl=53
> time=7.12 ms
> 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=2 ttl=53
> time=7.32 ms
> 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=3 ttl=53
> time=7.18 ms
> 64 bytes from par03s01-in-f104.1e100.net (66.249.92.104): icmp_seq=4 ttl=53
> time=7.18 ms
>
> --- google.com ping statistics ---
> 4 packets transmitted, 4 received, 0% packet loss, time 15034ms
> rtt min/avg/max/mdev = 7.126/7.205/7.329/0.128 ms
> 0.000u 0.000s 0:25.08 0.0% 0+0k 0+0io 0pf+0w
>
>
> So, it takes 5 seconds to display the first line (connect), and then 5
> seconds per ping.
> 25 seconds, for 4 pings...
> Obviously, my tries don't make it work any better...
>
Are you certain this isn't an issue with your DNS resolver(s) listed in 
/etc/resolv.conf?  How do things change if you try 'ping -n 66.249.92.104'?

Steve
> I found some info
> here <http://people.freebsd.org/~hmp/utilities/satbl/sysctl-net.html>,
> here <http://www.freebsd.org/doc/handbook/configtuning-kernel-limits.html>,
> there <http://silverwraith.com/papers/freebsd-ddos.php> and
> there <http://www.freebsdblog.org/52/sysctlconf-sample/>.
> But I'm still not sure about the tuning implications for most of those vars.
>
>
>
> Here is my sysctl.conf:
> kern.coredump=0
> kern.ipc.somaxconn=4096
>
> net.inet.ip.check_interface=1
> net.inet.ip.fastforwarding=1
> net.inet.ip.forwarding=1
> net.inet.ip.portrange.first=1024
> net.inet.ip.portrange.last=65535
> net.inet.ip.rtexpire=2
> net.inet.ip.rtmaxcache=256
> net.inet.ip.rtminexpire=2
> net.inet.ip.ttl=42
>
> net.inet.udp.blackhole=1
> net.inet.tcp.blackhole=2
> net.inet.tcp.delacktime=42
> net.inet.tcp.delayed_ack=0
> net.inet.tcp.drop_synfin=1
> net.inet.tcp.fast_finwait2_recycle=1
> net.inet.tcp.icmp_may_rst=0
> net.inet.icmp.icmplim=42
> net.inet.tcp.ecn.enable=1
> net.inet.tcp.msl=5000
> net.inet.tcp.rfc1323=0
>
> net.inet.tcp.inflight.enable=1
> net.inet.tcp.inflight.max=1073725440
> net.inet.tcp.inflight.stab=20
> net.inet.tcp.inflight.min=1024
>
> net.inet.tcp.recvspace=82320
> net.inet.tcp.sendspace=82320
> net.inet.udp.maxdgram=82320
> net.inet.udp.recvspace=82320
> net.inet.raw.maxdgram=82320
> net.inet.raw.recvspace=82320
> net.local.dgram.maxdgram=82320
> net.local.dgram.recvspace=82320
> net.local.stream.sendspace=82320
> net.local.stream.recvspace=82320
> net.inet.tcp.local_slowstart_flightsize=10
> net.inet.tcp.nolocaltimewait=1
>
> vfs.read_max=32
>
>
>
>
> So, I was wondering, is something wrong in there?
> Or should I keep looking somewhere else?
> Where?
>
>
>
> Thanks for your help,
>
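
Added example, not part of the original message: a small Python check that times the forward (name to address) and reverse (address to name) lookups separately, so resolver delay can be told apart from forwarding or sysctl problems, which is the distinction 'ping -n' draws by skipping the reverse lookups. The function names, the injectable lookup parameters and the 1-second `slow_s` threshold are assumptions made for this sketch.

```python
import socket
import sys
import time

def timed(fn, arg):
    """Call fn(arg); return (elapsed_seconds, result or None, error or None)."""
    start = time.monotonic()
    try:
        result, err = fn(arg), None
    except OSError as exc:  # socket.gaierror and socket.herror are OSError subclasses
        result, err = None, exc
    return time.monotonic() - start, result, err

def diagnose(host, forward=socket.gethostbyname, reverse=socket.gethostbyaddr,
             slow_s=1.0):
    """Time the name -> address and address -> name lookups separately.

    forward/reverse are injectable so the check can be exercised offline;
    slow_s is an assumed threshold, far above a healthy resolver's answer time.
    """
    fwd_s, addr, fwd_err = timed(forward, host)
    report = {"host": host, "address": addr, "forward_s": fwd_s,
              "forward_ok": fwd_err is None, "reverse_s": None, "reverse_ok": None}
    if addr is not None:
        rev_s, _, rev_err = timed(reverse, addr)
        report["reverse_s"] = rev_s
        report["reverse_ok"] = rev_err is None
    report["slow"] = [k for k in ("forward", "reverse")
                      if (report[k + "_s"] or 0.0) >= slow_s]
    # A failed forward lookup or any slow lookup points at the resolver,
    # not at the forwarding path or the sysctl tuning.
    report["resolver_suspect"] = bool(report["slow"]) or not report["forward_ok"]
    return report

if __name__ == "__main__":
    r = diagnose(sys.argv[1] if len(sys.argv) > 1 else "google.com")
    print(f"{r['host']} -> {r['address']}")
    print(f"forward lookup: {r['forward_s']:.3f}s ok={r['forward_ok']}")
    if r["reverse_s"] is not None:
        print(f"reverse lookup: {r['reverse_s']:.3f}s ok={r['reverse_ok']}")
    print("resolver suspect" if r["resolver_suspect"] else "resolver looks fine")
```

Run it on a client behind the gateway and again on the gateway itself; a lookup time near the resolver's timeout on either side indicates which /etc/resolv.conf to look at.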



