Date:      Fri, 25 May 2007 17:05:43 -0700
From:      security <security@jim-liesl.org>
To:        Stephen.Clark@seclark.us
Cc:        freebsd-stable@freebsd.org
Subject:   Re: network performance 6.1 stable vs 4.9
Message-ID:  <465779D7.6030502@jim-liesl.org>
In-Reply-To: <4656D0FB.5070200@seclark.us>
References:  <4656D0FB.5070200@seclark.us>

Stephen Clark wrote:
> Hello List,
>
> We have a network appliance that is currently based on 4.9. We are in
> the process of releasing
> a new version based on 6.1 stable.
>
> In our testing using nttcp thru the appliance we see insignificant
> difference in thruput between the 2
> versions in a controlled environment - approximately 94mbs on a 100mb lan.
>
> We have a person that is testing both systems in-house surfing out
> over the internet on our T1
> link and he complains that he is consistently seeing the 6.1 version
> being much slower than the
> 4.9 version (on the same hardware).
> He has been comparing the 6.1 system to 4.9 system for a couple of weeks
> and continues to insist the 6.1 version is much slower.
>
> Are there any sysctl tunables that may affect performance going over
> the internet
> with a slower link, dropped packets, etc that could cause this?
>
Well, oddly enough I've been playing with 6.1's perf as it relates to gigE
lans so let me pass on a few things

    * polling only really helps if your nic is generating lots of
      interrupts, or is having to compete with something that does.  In
      fact, setting "polling" on an interface could make things seem
      slightly LESS responsive for small requests
    * nic chipset selection is important, but probably not for a f/w
      dealing with t1/broadband speeds
    * Don't even get down tweaking tcp send and recv buffers.  You have
      no idea what the BDP will be on your WAN link.  Same thing for
      jumbo frames on the inside link.
          o Having said that, this is what is in my sysctl.conf file.
            It does matter in a gigE lan, but probably not for a SMB
            firewall that's only got a t1 on the WAN side.

kern.ipc.maxsockbuf=8192000
net.inet.tcp.sendspace=262144
net.inet.tcp.recvspace=262144

    * make sure you set net.inet.tcp.rfc1323: 1 (most likely the default)
    * play with net.inet.tcp.inflight.enable (0 or 1), it never made a
      diff in my gigE lan testing
    * get real data using iperf (in ports/benchmarking). If you go to the
      iperf website, they have binaries for Windows
          o XP's default network tuning is beyond bad, but your
            customers most likely aren't tweaking their registries either
    * use netstat -m to look at your buffer usage, particularly if
      you're dropping packets
    * depending on how much memory you have you might want to jump up
      kern.ipc.nmbclusters, but only if you seem to be dropping packets.
    * verify that your nics are setting speed and duplex correctly
    * which firewall package are you using?
    * use ethereal/wireshark to examine your net flow.  A lot of tcp
      resets and retransmits can make a big impact if TCP is constantly
      having to resync.

jim


