On Friday 10 February 2006 20:54, Julian Elischer wrote:
> Marcos Bedinelli wrote:
> > Hello all,
> >
> > thanks for the replies. Most of you have suggested that I turn on
> > polling and give it a try. The machine is in production, hence I need
> > to schedule downtime for that.
> >
> > The system is mainly being used as a dedicated router. It runs OSPF,
> > BGP and IPFW (around 150 rules). OSPF and BGP are managed by Quagga.
> > The box has 2 gigabit interfaces that handle on average 200Mbp/s - 50K
> > packets/s (inbound and outbound combined), each one of them.
>
> I have found that most people can optimise their ipfw rulesets considerably.
>
> for example: a first rule of:
> 1 allow ip from any to any in recv {inside interface}
> 2 allow ip from any to any out xmit {inside interface}
> will cut your ipfw load by 50% immediately.
> (you should only be filtering on one interface usually)
>
> use 'skipto' rules to immediately send incoming and outgoing data to
> different rule sets.

FWIW, pf does some of those optimizations automatically, called "skip steps",
and "pfctl -o" restructures the ruleset so that often matching rules are moved
to the top. I know that this does not map directly to IPFW, but it might still
be interesting to have a look at it.

> etc.
> (If you want to privately send me your ruleset I can probably help you do
> this)
>
> julian
>
> > Some of you have asked for the following information:
> >
> >
> > - As I indicated before, polling is currently disabled.
> >
> >
> > - Hyperthreading (HTT) is disabled.
> >
> >
> > mull [~]$vmstat -i
> > interrupt                          total       rate
> > irq1: atkbd0                        3466          0
> > irq6: fdc0                            10          0
> > irq13: npx0                            1          0
> > irq14: ata0                           47          0
> > irq21: fxp1                     20462527          8
> > irq28: bge0                   3511765157       1444
> > irq29: bge1                   3633124373       1494
> > irq30: aac0                      1842472          0
> > cpu0: timer                    566751007        233
> > Total                         7733949060       3181
> >
> >
> > mull [~]$netstat -m
> > 644/646/1290 mbufs in use (current/cache/total)
> > 643/407/1050/17088 mbuf clusters in use (current/cache/total/max)
> > 0/5/4528 sfbufs in use (current/peak/max)
> > 1447K/975K/2422K bytes allocated to network (current/cache/total)
> > 0 requests for sfbufs denied
> > 0 requests for sfbufs delayed
> > 0 requests for I/O initiated by sendfile
> > 0 calls to protocol drain routines
> >
> >
> >
> > Thank you,
> >
> > --
> > Marcos
> >
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "[EMAIL PROTECTED]"

-- 
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
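Added example, not part of the thread and not code from any poster or from ipfw: a small first-match rule walker that counts how many rules a forwarded packet touches on its inbound and outbound passes, comparing a flat 150-rule set with the early-allow and skipto layouts suggested in the quoted advice. The interface roles (bge1 inside, bge0 outside), rule numbers, port values and the split of rules into inbound-only and outbound-only groups are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    num: int
    action: str                       # "allow", "deny" or "skipto"
    direction: Optional[str] = None   # "in"/"out"; None matches both
    iface: Optional[str] = None       # None matches any interface
    dport: Optional[int] = None       # None matches any port
    target: int = 0                   # rule number a skipto jumps to

def evaluate(rules, direction, iface, dport):
    """One first-match pass; returns (action, rules examined)."""
    examined, i = 0, 0
    while i < len(rules):
        r = rules[i]
        examined += 1
        if (r.direction in (None, direction) and r.iface in (None, iface)
                and r.dport in (None, dport)):
            if r.action != "skipto":
                return r.action, examined
            # skipto only jumps forward, to the first rule numbered >= target
            i = next((j for j in range(i + 1, len(rules))
                      if rules[j].num >= r.target), len(rules))
        else:
            i += 1
    return "deny", examined           # constructed default when nothing matches

def forward_cost(rules, in_if, out_if, dport):
    """A routed packet is checked twice: inbound pass, then outbound pass."""
    action, n = evaluate(rules, "in", in_if, dport)
    if action == "allow":
        action, m = evaluate(rules, "out", out_if, dport)
        n += m
    return action, n

INSIDE, OUTSIDE = "bge1", "bge0"      # assumed roles; the thread does not say
# Constructed 150-rule filter: 149 port denies and a final allow.
IN_DENY = [Rule(1000 + k, "deny", dport=20000 + k) for k in range(75)]
OUT_DENY = [Rule(2000 + k, "deny", dport=30000 + k) for k in range(74)]
ALLOW = Rule(65000, "allow")
BASELINE = IN_DENY + OUT_DENY + [ALLOW]
EARLY = [Rule(1, "allow", "in", INSIDE),
         Rule(2, "allow", "out", INSIDE)] + BASELINE
# Assumes IN_DENY only matters inbound and OUT_DENY only outbound.
SPLIT = (EARLY[:2] + [Rule(3, "skipto", "out", target=2000)]
         + IN_DENY + [Rule(1999, "skipto", target=65000)] + OUT_DENY + [ALLOW])
```

In this model a permitted packet forwarded from outside to inside touches 300 rules with the flat set, 154 with the two early allow rules, and 82 once skipto separates the inbound and outbound groups.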