Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0

From: Kris Kennaway <kris@xxxxxxxxxxxxxx>
Date: Mon, 20 Mar 2006 12:53:26 -0500

On Mon, Mar 20, 2006 at 03:33:33PM +0100, OxY wrote:

----- Original Message -----
From: "Bohuslav Plucinsky" <bohuslav.plucinsky@xxxxxxxxxxxx>
To: <freebsd-questions@xxxxxxxxxxx>
Cc: <freebsd-net@xxxxxxxxxxx>
Sent: Monday, March 20, 2006 2:10 PM
Subject: Low network performance after upgrade from FreeBSD 4.8 to 6.0

Hello,

I use the FreeBSD box as the firewall with NAT (ipfw + natd).
When I've upgraded the box from 4.8-20030810-STABLE to 6.0-RELEASE
I've noticed a performance degradation.

I've only one workstation behind the firewall and throughput
of downloading an ISO image through the firewall with 6.0-RELEASE
booted, is only 24Mbps. (When I reboot the machine with
4.8-20030810-STABLE
installation, the throughput is 80Mbps). The firewall_type was "open"
during the download:

PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
229 root 1 105 0 1428K 904K RUN 0:35 40.82% natd

options HZ=100
Can somebody advise me, if this is some configuration problem
or the requirement of FreeBSD 6.0 kernel has been increased and HW
of my firewall is not enough?

HZ=100 is not a good idea..
i set it to 1000 before and i had no idle CPU
try to set it to 2000
echo 'kern.hz="2000"' >> /boot/loader.conf

I don't think that's a sensible idea on a 400MHz CPU.

Kris

Attachment: pgpMWM4mMlO37.pgp
Description: PGP signature

References:
- Low network performance after upgrade from FreeBSD 4.8 to 6.0
  - From: Bohuslav Plucinsky
- Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0
  - From: OxY

Prev by Date: RELENG_6: IPFilter appears to leak active IP states, leading to blocked traffic
Next by Date: Re[2]: New version of iwi(4) - Call for testers [regression!]
Previous by thread: Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0
Next by thread: Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0
Index(es):
- Date
- Thread

Relevant Pages

Re: solaris
... >> router while I attempted to explain the router was ... >> of handling a CLI OS like FreeBSD? ... that these individuals would not be the target market ... > despite the fact that it should include a firewall. ...
(freebsd-questions)
Re: Wanting To Try FreeBSD: Security Question.
... How hard is it to secure FreeBSD for a desktop computer? ... The relatively minimal pf.conf file for the firewall I run on my laptop, ... A firewall is not the end of all your security needs. ...
(comp.unix.bsd.freebsd.misc)
Re: RX (download) limit problem
... > I've been seeing a strange problem with my 5.4-STABLE freebsd ... > behind it or the firewall itself) can get a decent rate. ... > In talking to some openBSD guys we had a theory that it might be something ... > the upload and download being kept symmetric and hence so low on the ...
(freebsd-current)
Re: Which intrusion detection to use?
... > I have a FreeBSD box at home which I primairily use for internet access. ... a host-based IDS is AIDE, ... > understand what the added benefit it over a tightly configured firewall. ... all unused ports to the world there will be no use in PortSentry since the ...
(FreeBSD-Security)
The way forward.....
... FreeBSD I would want to pursue a firewall that is based solely on stateful ... with IPFilter the stateful alternative" ...
(FreeBSD-Security)