Those documents do not necessarily apply any more. Don't go tweaking knobs until you know what they do. We have machines here that transfer nearly a gigabit of traffic/s without tuning in bridge mode nonetheless.

Are you seeing any packet congestion markers (counter congestion) in systat pf? If so you might not have sufficient states available. What about fragmentation? Interface errors? There are many other non-tweakable issues that could cause this.

----- Original Message -----
| On Tue, 22 Feb 2011 11:19:26 -0600,
| Mark Nipper <ni...@bitgnome.net> wrote:
|
| > > The problem is that we don't get more than ~320 Mbits/s of
| > > bandwidth
| > > between the internal networks and internet (gigabit).
| >
| > Have you already looked at:
| > ---
| > https://calomel.org/network_performance.html
|
| Yes thanks. I've already increased the size of the
| net.inet.ip.ifq.maxlen.
|
| But I don't see the point of these tunings for a firewall. IMHO, it
| could help for a host handling tcp/udp connection.
|
| Anyway, I've tried, that does not change anything and I don't think it
| should.
|
| I'm not a network expert, I could be wrong. Let's see:
| ## Calomel.org OpenBSD /etc/sysctl.conf
| ##
| kern.maxclusters=128000 # Cluster allocation limit
|
| = netstat -m reports a peak of *only* 2500 mbufs used.
|
| net.inet.ip.mtudisc=0 # TCP MTU (Maximum Transmission Unit)
|
| = still at "1". I don't use scrub in pf or mss clamping.
|
| net.inet.tcp.ackonpush=1 # acks for packets with the push bit
|
| = only one TCP connection on the firewall (ssh).
|
| net.inet.tcp.ecn=1 # Explicit Congestion Notification enabled
|
| net.inet.tcp.mssdflt=1472 # maximum segment size (1472 from scrub
| pf.conf)
|
| = same here, I guess the default mss is for connections from the
| machine. tcpdump shows that the mss is negotiated around 1450. Looks
| good.
|
| net.inet.tcp.recvspace=262144 # Increase TCP "receive" windows size
| to increase performance
|
| = same, no tcp nor udp...
|
| Am I wrong?
|
| Thanks, regards.

--
James A. Peltier
IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone   : 778-782-6573
Fax     : 778-782-3045
E-Mail  : jpelt...@sfu.ca
Website : http://www.sfu.ca/itservices
          http://blogs.sfu.ca/people/jpeltier
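
The checks suggested in the reply above (congestion counter, state table headroom, fragmentation) can be scripted before any sysctl is touched. The following is an added example, not part of the original thread: `pf_health` and `sample_pf_info` are hypothetical names, the sample text is constructed in the layout of `pfctl -si` with invented values, and the state limit is assumed to be the hard limit reported by `pfctl -sm`.

```shell
#!/bin/sh
# Constructed sample in the layout of `pfctl -si` (all values invented).
sample_pf_info() {
cat <<'EOF'
Status: Enabled for 12 days 03:14:15             Debug: err

State Table                          Total             Rate
  current entries                     9800
  searches                      1234567890         1176.3/s
  inserts                         45678901           43.5/s
  removals                        45669101           43.5/s
Counters
  match                           46000000           43.8/s
  fragment                              12            0.0/s
  memory                               340            0.0/s
  congestion                          5120            0.0/s
  state-mismatch                       901            0.0/s
EOF
}

# pf_health STATE_LIMIT   (reads `pfctl -si` text on stdin)
# Prints one finding per line; exit status is 1 if anything was flagged.
#   fragment   - packets pf dropped while handling fragments
#   memory     - packets dropped because a pf memory limit was hit
#   congestion - packets dropped while the input queue was congested
#   states     - state table at or above 90% of the given hard limit
pf_health() {
    awk -v limit="$1" '
        $1 == "current" && $2 == "entries" { states = $3 }
        $1 == "fragment"   && $2 > 0 { print "fragment=" $2;   bad = 1 }
        $1 == "memory"     && $2 > 0 { print "memory=" $2;     bad = 1 }
        $1 == "congestion" && $2 > 0 { print "congestion=" $2; bad = 1 }
        END {
            if (limit > 0 && states * 100 >= limit * 90) {
                print "states=" states "/" limit
                bad = 1
            }
            exit bad + 0
        }'
}

# On a live firewall (as root): pfctl -si | pf_health 10000
sample_pf_info | pf_health 10000 || echo "pf counters need a closer look"
```

Interface errors, the remaining item in the reply, are not in this output; they show up per interface in `netstat -i`.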