Date: Thu, 23 Apr 2009 10:13:41 -0300 From: =?ISO-8859-1?Q?Daniel_Dias_Gon=E7alves?= <ddg@yan.com.br> To: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org Subject: IPFW MAX RULES COUNT PERFORMANCE Message-ID: <49F06985.1000303@yan.com.br>
next in thread | raw e-mail | index | archive | help
Hi,
My system is a FreeBSD 7.1R.
When I add rules IPFW COUNT to 254 IPS from my network, one of my
interfaces increases the latency, causing large delays in the network,
when I delete COUNT rules, everything returns to normal, which can be ?
My script:
ipcount.php
-- CUT --
<?
$c=0;
$a=50100;
for($x=0;$x<=0;$x++) {
for($y=1;$y<=254;$y++) {
$ip = "192.168.$x.$y";
system("/sbin/ipfw -q add $a count { tcp or udp } from
any to $ip/32");
system("/sbin/ipfw -q add $a count { tcp or udp } from
$ip/32 to any");
#system("/sbin/ipfw delete $a");
$c++;
$a++;
}
}
echo "\n\nTotal: $c\n";
?>
-- CUT --
net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.static_count: 262
net.inet.ip.fw.dyn_max: 10000
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_buckets: 10000
net.inet.ip.fw.default_rule: 65535
net.inet.ip.fw.verbose_limit: 0
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.debug: 0
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.enable: 1
net.link.ether.ipfw: 1
net.link.bridge.ipfw: 0
net.link.bridge.ipfw_arp: 0
Thanks,
Daniel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49F06985.1000303>