On Tue, 22 Feb 2011 11:19:26 -0600, Mark Nipper <ni...@bitgnome.net> wrote:
> > The problem is that we don't get more than ~320 Mbits/s of bandwidth
> > between the internal networks and internet (gigabit).
>
> Have you already looked at:
> ---
> https://calomel.org/network_performance.html

Yes, thanks. I've already increased the size of the net.inet.ip.ifq.maxlen.
But I don't see the point of these tunings for a firewall. IMHO, it could
help for a host handling tcp/udp connections. Anyway, I've tried, that does
not change anything and I don't think it should. I'm not a network expert,
I could be wrong. Let's see:

## Calomel.org OpenBSD /etc/sysctl.conf
##
kern.maxclusters=128000 # Cluster allocation limit
= netstat -m reports a peak of *only* 2500 mbufs used.

net.inet.ip.mtudisc=0 # TCP MTU (Maximum Transmission Unit)
= still at "1". I don't use scrub in pf or mss clamping.

net.inet.tcp.ackonpush=1 # acks for packets with the push bit
= only one TCP connection on the firewall (ssh).

net.inet.tcp.ecn=1 # Explicit Congestion Notification enabled
net.inet.tcp.mssdflt=1472 # maximum segment size (1472 from scrub pf.conf)
= same here, I guess the default mss is for connections from the machine.
tcpdump shows that the mss is negotiated around 1450. Looks good.

net.inet.tcp.recvspace=262144 # Increase TCP "recieve" windows size to increase performance
= same, no tcp nor udp...

Am I wrong?

Thanks, regards.