* Steve Johnson <[EMAIL PROTECTED]> [2008-05-10 14:33]:
> Nice to know. We're currently far from reaching those packets per second
> output at the moment. I'd say with all our traffic we'd probably be looking
> at 200K. I guess the platform might be the issue then, as even after
> putting in place all the recommendations that I have received so far on my
> setup, which includes limiting the scrub to the external interface, doing a
> skip on one of the interfaces, having the rule that has 95% of the traffic
> be the 5th rule in the effective ruleset (pfctl -sr) and trying various
> sysctl and PF options, we're still seeing some congestion on the traffic.
>
> We even bumped the hardware yesterday to a Xeon 5130 (core2 xeon @2GHz)
> with new Intel PCIe 4x dual gigabit network cards and the congestion
> statistics are exactly the same as they were before with the older
> hardware. I honestly did think I was going to get at least equal amount of
> performance from this setup than from our unoptimized netfilter system that
> we want to replace, if not even more, so that's an added reason as to why
> I'm so perplexed right now :-)

congestion in what sense? the congestion counter increasing? this is not
necessarily a problem, it just must not grow fast. and of course you want
to bump your ipintrq length.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
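
An added example, not part of the original thread: one way to measure how fast the congestion counter grows is to take two `pfctl -si` snapshots a known interval apart and compute the delta. The sample text is constructed in the layout of the `pfctl -si` counters section with invented values, and the function names are hypothetical.

```python
import re

# Constructed excerpts in the layout of the `pfctl -si` "Counters" section.
# All values are invented for illustration.
SAMPLE_T0 = """\
Counters
  match                            9182736           1520.3/s
  memory                                 0              0.0/s
  congestion                         48210              8.0/s
  ip-option                              0              0.0/s
"""
# Second snapshot, assumed to be taken 60 seconds later.
SAMPLE_T1 = SAMPLE_T0.replace("48210", "49410")

# One counter line: indented name, cumulative total, average rate since enable.
COUNTER_RE = re.compile(r"^[ \t]+([a-z][a-z-]*)[ \t]+(\d+)[ \t]+[\d.]+/s[ \t]*$", re.M)


def parse_counters(text):
    """Return {counter name: cumulative total} from pfctl -si style text."""
    return {name: int(total) for name, total in COUNTER_RE.findall(text)}


def congestion_rate(before, after, interval_s):
    """Congestion drops per second between two snapshots.

    Returns None when the counter is missing, the interval is not positive,
    or the total went backwards (counters were reset, e.g. after a reboot),
    since a delta across a reset is meaningless.
    """
    a = parse_counters(before).get("congestion")
    b = parse_counters(after).get("congestion")
    if a is None or b is None or interval_s <= 0 or b < a:
        return None
    return (b - a) / interval_s


if __name__ == "__main__":
    rate = congestion_rate(SAMPLE_T0, SAMPLE_T1, 60)
    print(f"congestion growth over the interval: {rate:.1f}/s")
```

The rate column that `pfctl -si` prints is an average since pf was enabled, so the delta between two snapshots is what shows current growth.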