Date: Sat, 3 Mar 2007 20:06:27 +0100
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org
Subject: Re: PF performance problems
Message-ID: <200703032006.34064.max@love2party.net>
In-Reply-To: <45E99722.6030706@innter.net>
References: <45E8D523.9010205@innter.net> <7D241F60-205C-4C1E-9054-C7E6DBDFE6F6@ekalb.net> <45E99722.6030706@innter.net>

On Saturday 03 March 2007 16:41, Sergey N. Romanov wrote:
> Blake Covarrubias wrote:
> > Have you tried adjusting your state limit to a higher value in your
> > PF options?
>
> Yes, I have adjusted frags, src-nodes and states. Now this is possible
> to make about 400-500 requests/s. But this is not 4500 requests/s and
> too low for us in any case.

How do you test?  Are you by chance using abench (or similar) from one
probe box?  In this case you are most likely exhausting your ephemeral
portrange.  pf might be too restrictive in enforcing this rule, but you
can change the behavior by changing the value for tcp.closed.  Note that
this is purely due to the test setup and is unlikely to present itself in
a real-world situation - though some stupid reverse webcache setups are
prone to it as well.

In order to verify that this is the cause, you should enable debugging
output (pfctl -xm) and watch the console while testing.  "pfctl -si" is
your friend as well.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
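
The arithmetic behind the reply above, as an added example that is not part of the original message: a simplified model of one benchmark client cycling through a fixed ephemeral port range while the firewall keeps each closed connection's state for the tcp.closed timeout. The port range 49152-65535, the 90-second and 3-second timeout values, and the rule that a SYN hitting a lingering state entry is rejected are assumptions of this model; the 4500 requests/s rate is the target quoted in the thread.

```python
"""Simplified model: one benchmark client, one server, firewall state lingering per source port."""

def max_sustained_rate(n_ports: int, linger_s: int) -> float:
    """Upper bound on new connections/s when each source port is unusable for linger_s."""
    return n_ports / linger_s

def max_linger_for_rate(n_ports: int, rate: int) -> float:
    """Longest linger time (s) that never blocks a client opening `rate` connections/s."""
    return n_ports / rate

def simulate(rate: int, duration_s: int, n_ports: int, linger_s: int):
    """Return (accepted, blocked) connection attempts.

    Assumptions of this model: source ports are used round-robin, every connection
    closes immediately, and a SYN whose 4-tuple still has a state entry is rejected
    without refreshing that entry. Time is counted in ticks of 1/rate seconds.
    """
    linger_ticks = linger_s * rate
    free_at = [0] * n_ports          # tick at which each port's state entry is gone
    accepted = blocked = 0
    for tick in range(rate * duration_s):
        port = tick % n_ports
        if tick < free_at[port]:
            blocked += 1
        else:
            accepted += 1
            free_at[port] = tick + linger_ticks
    return accepted, blocked

if __name__ == "__main__":
    PORTS = 65535 - 49152 + 1        # assumed ephemeral range, 16384 ports
    for linger in (90, 3):           # sample tcp.closed values in seconds
        ok, bad = simulate(rate=4500, duration_s=60, n_ports=PORTS, linger_s=linger)
        print(f"tcp.closed={linger:>2}s accepted={ok} blocked={bad} "
              f"ceiling={max_sustained_rate(PORTS, linger):.0f}/s")
```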