Re: mbuf / maxfiles / maxsockets / etc autoscaling patch
Cool stuff and overdue for a lng time! A few comments on the code: - IMHO it would be helpful to print the chosen values into the boot dmesg (maybe larger parts of it only with verbose). This aids explaining strange symtoms if someone adds/removes RAM and is not aware of autoscaling. "I took out 128MB of RAM and my webserver starts to fail..." Autoscaling enabled, setting values based on 64MB of usable RAM Autoscaling mproc=1024, mfiles=8192, msocket=4096, callout=9232, nmbcl=2048, nsfbuf=1024, tcphashsize=512 - I would suggest to append "MIN|MAX" to the variable instead of prepending it +#define TCBHASHPERMB 8 +#define TCBHASHAUTOMIN 512 +#define TCBHASHAUTOMAX 8192 - An update to the tuning man page describing this autoscaling is missing from this patch. -- Andre Mike Silbersack wrote: > > Here's the autoscaling patch I was mumbling about earlier this week. > With this patch applied, the necessity of tuning maxusers when one > upgrades to a machine with more ram should be removed in most cases. > (This patch is only to -current, the mbuf changes will make it not apply > cleanly to -stable patch if there is sufficient demand right now.) > > Here's a quick look at the size of various memory allocations with various > maxusers sizes and with the autoscaling patch: > > With maxusers: > > musers mproc mfiles msocket callout nmbcl nsfbuf tcp hash size > 32 532 10641064161210241024512 > 64 104420882088314815361536512 > 128 206841364136622025602560512 > 256 41168232823212364 46084608512 > > With autoscaling: > > MB ram mproc mfiles msocket callout nmbcl nsfbuf tcp hash size > 32 512 40962048462410241024512 > 64 102481924096923220481024512 > 128 204816384 819218448 409620481024 > 256 409632768 16384 36880 819240962048 > 384 614449152 24576 55312 12288 61443072 > 512 819265536 32767 73744 16384 81924096 > (Values above this start to flatten out due to #defined maximums) > > Note that in general calculations are of the following form: > > value = max(maxusers-derived value, autoscale-derived value); > value = loader tuned value if present > > As such, under no circumstances will people suddenly see a decrease in > various parameters when they upgrade to an autoscaling kernel; only > increases. > > I'm sure that there will be much commotion about what scaling factors are > correct. To make changes to these easy, I have grouped all the mins, > scaling factors, and maxes in param.h - tweaking them is quite simple. > > I included mins and maxes to make sure that autoscaling doesn't cause > problems by creating low values on small memory machines and also so that > it does not specify really high values on 2GB+ machines. The high case is > what worries me; I have not heard much about how well maxsockets / > nmbclusters > 32767 really works. If people running high volume systems > that actively use that many simultaneous sockets + clusters + files, I'd > be glad to bump up the maxes. > > Oh, there's one more kicker thrown in; I changed maxfilesperproc to equal > 9/10ths of maxfiles, and maxprocperuid to equal 9/10 maxproc; this'll help > to prevent a single process or user from forkbombing the system or running > it out of file handles with a default configuration. > > Please review. > > Thanks, > > Mike "Silby" Silbersack > > > Name: autoscale.patch >autoscale.patchType: Plain Text (TEXT/PLAIN) > Encoding: BASE64 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: mbuf / maxfiles / maxsockets / etc autoscaling patch
Andre Oppermann wrote: > > Cool stuff and overdue for a lng time! > > A few comments on the code: > > - IMHO it would be helpful to print the chosen values into the boot >dmesg (maybe larger parts of it only with verbose). This aids >explaining strange symtoms if someone adds/removes RAM and is not >aware of autoscaling. "I took out 128MB of RAM and my webserver >starts to fail..." > > Autoscaling enabled, setting values based on 64MB of usable RAM > Autoscaling mproc=1024, mfiles=8192, msocket=4096, callout=9232, > nmbcl=2048, nsfbuf=1024, tcphashsize=512 > > - I would suggest to append "MIN|MAX" to the variable instead of >prepending it > > +#define TCBHASHPERMB 8 > +#define TCBHASHAUTOMIN 512 > +#define TCBHASHAUTOMAX 8192 > > - An update to the tuning man page describing this autoscaling is >missing from this patch. - Only do autoscaling only if MAXUSERS=0 in kernel compile. Also change GENERIC to set MAXUSERS to null. (This is from Matt's patch) -- Andre > -- > Andre > > Mike Silbersack wrote: > > > > Here's the autoscaling patch I was mumbling about earlier this week. > > With this patch applied, the necessity of tuning maxusers when one > > upgrades to a machine with more ram should be removed in most cases. > > (This patch is only to -current, the mbuf changes will make it not apply > > cleanly to -stable patch if there is sufficient demand right now.) > > > > Here's a quick look at the size of various memory allocations with various > > maxusers sizes and with the autoscaling patch: > > > > With maxusers: > > > > musers mproc mfiles msocket callout nmbcl nsfbuf tcp hash size > > 32 532 10641064161210241024512 > > 64 104420882088314815361536512 > > 128 206841364136622025602560512 > > 256 41168232823212364 46084608512 > > > > With autoscaling: > > > > MB ram mproc mfiles msocket callout nmbcl nsfbuf tcp hash size > > 32 512 40962048462410241024512 > > 64 102481924096923220481024512 > > 128 204816384 819218448 409620481024 > > 256 409632768 16384 36880 819240962048 > > 384 614449152 24576 55312 12288 61443072 > > 512 819265536 32767 73744 16384 81924096 > > (Values above this start to flatten out due to #defined maximums) > > > > Note that in general calculations are of the following form: > > > > value = max(maxusers-derived value, autoscale-derived value); > > value = loader tuned value if present > > > > As such, under no circumstances will people suddenly see a decrease in > > various parameters when they upgrade to an autoscaling kernel; only > > increases. > > > > I'm sure that there will be much commotion about what scaling factors are > > correct. To make changes to these easy, I have grouped all the mins, > > scaling factors, and maxes in param.h - tweaking them is quite simple. > > > > I included mins and maxes to make sure that autoscaling doesn't cause > > problems by creating low values on small memory machines and also so that > > it does not specify really high values on 2GB+ machines. The high case is > > what worries me; I have not heard much about how well maxsockets / > > nmbclusters > 32767 really works. If people running high volume systems > > that actively use that many simultaneous sockets + clusters + files, I'd > > be glad to bump up the maxes. > > > > Oh, there's one more kicker thrown in; I changed maxfilesperproc to equal > > 9/10ths of maxfiles, and maxprocperuid to equal 9/10 maxproc; this'll help > > to prevent a single process or user from forkbombing the system or running > > it out of file handles with a default configuration. > > > > Please review. > > > > Thanks, > > > > Mike "Silby" Silbersack > > > > > > Name: autoscale.patch > >autoscale.patchType: Plain Text (TEXT/PLAIN) > > Encoding: BASE64 > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: Gigabit for FreeBSD
D-LINK DGE500-SX works good! --On Freitag, Dezember 07, 2001 10:22:44 -0800 David Smithson <[EMAIL PROTECTED]> wrote: > Hi all. Does anyone know of a good stable 1000baseTX gigabit network > adapter that works well with FreeBSD? I have this Netgear adapter that > seems to have problems. Help is -- of course -- appreciated. Thanks. > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: mbuf / maxfiles / maxsockets / etc autoscaling patch
On Mon, 10 Dec 2001, Andre Oppermann wrote: > - Only do autoscaling only if MAXUSERS=0 in kernel compile. Also >change GENERIC to set MAXUSERS to null. (This is from Matt's patch) > > -- > Andre Matt & I are working on merging the two approaches, once we've finished throwing numbers together we'll commit the merged patch. Mike "Silby" Silbersack To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: Gigabit for FreeBSD
I am running two FreeBSD (4.4-stable) systems here with the following GigE cards: Linksys EG1064 SMC 9462TX They both use the National Semiconductor chip and are supported by the nge driver. Both are in dual Athlon systems (Tyan S2460 MBs), connected to a Linksys EG0008 GigE switch, and are working well. I am experiencing three relatively small issues: 1. The SMC card seems to take a couple of tries to get the link up. I usually get several messages at boot time that the gigabit link is up from the driver, so it appears that it comes up put quickly drops one or more times before finally staying up (I have never seen it drop once the system is running). 2. The Linksys card appears to be about 25% slower than the SMC card. With netperf I get up to 85 MB/s with the SMC card and only 65 MB/s with the SMC. Note that the Linksys card is in the faster of the two systems (1.533 GHz CPUs vs. 1.2 GHz for the SMC card's CPUs). 3. If I statically link the driver in the kernel it disrupts my sound card. This doesn't happen if I dynamically load the driver. However, all of these are easily ignored or worked around in my environment. Bob On Mon, Dec 10, 2001 at 10:08:43AM +0100, Martin Stiemerling wrote: > D-LINK DGE500-SX works good! > > > --On Freitag, Dezember 07, 2001 10:22:44 -0800 David Smithson > <[EMAIL PROTECTED]> wrote: > > > Hi all. Does anyone know of a good stable 1000baseTX gigabit network > > adapter that works well with FreeBSD? I have this Netgear adapter that > > seems to have problems. Help is -- of course -- appreciated. Thanks. > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > > with "unsubscribe freebsd-net" in the body of the message > > > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-net" in the body of the message -- Bob Willcox Boucher's Observation: [EMAIL PROTECTED] He who blows his own horn always plays the music Austin, TX several octaves higher than originally written. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
importing Kame's NATPT ?
I notice that kame has NATPT (a mechanism to let IPv6-only hosts interact with the IPv4 Internet) and that it has not been imported. I would like to see if it's possible to import just that bit of functionality as an independent unit (it gets us one step closer to killing IPv4). It appears to drop right in. The only real change in the existing code is an itty bitty chunk of stuff in ip_input() and ip6_input() that is #ifdef NATPT. Is anyone already doing this? Is there anyone I should coordinate this with? To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
RE: Gigabit for FreeBSD
> I am experiencing three relatively small issues: > > 1. The SMC card seems to take a couple of tries to get the link up. I >usually get several messages at boot time that the gigabit > link is up >from the driver, so it appears that it comes up put > quickly drops one >or more times before finally staying up (I have never seen it drop >once the system is running). > I have a similar issue with the nge driver. Ocasionally I will get repeated messages "gigabit link up" or something like that. It's not a regular occurance though, and the link never actually comes up. I wonder if there could be some conflict between the Netgear interface and my Asante switch. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: Gigabit for FreeBSD
On Mon, Dec 10, 2001 at 10:20:55AM -0800, David Smithson wrote: > > I am experiencing three relatively small issues: > > > > 1. The SMC card seems to take a couple of tries to get the link up. I > >usually get several messages at boot time that the gigabit > > link is up > >from the driver, so it appears that it comes up put > > quickly drops one > >or more times before finally staying up (I have never seen it drop > >once the system is running). > > > > I have a similar issue with the nge driver. Ocasionally I will get repeated >messages "gigabit link up" or something like that. It's not a regular occurance >though, and the link never actually comes up. I wonder if there could be some >conflict between the Netgear interface and my Asante switch. Perhaps so. I get this (though the link usually does finally stay up) with both of the SMC cards that I have tried with my Linksys switch. On the other hand, my Linksys card always comes up on the first try with the Linksys switch. Unfortunately, it's also 25% slower than the SMC cards :-( Bob -- Bob Willcox Boucher's Observation: [EMAIL PROTECTED] He who blows his own horn always plays the music Austin, TX several octaves higher than originally written. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
1 IP - 1 Firewall - 2 Webservers
Hello We have ONE static IP with our ISP via a Cable Modem. Connected at our end of the Cable Modem is a FreeBSD Firewall / Internet Gateway for the rest of the internal Lan. On the Internal Network we have 2 Web / Mail servers which collect mail and serve HTTP requests recieved from the gateway box. INTERNET ---> GATEWAY_BOX ---> WEBSERVER_1 (www.domain1.com, [EMAIL PROTECTED]) ---> WEBSERVER_2 (www.domain2.com, [EMAIL PROTECTED]) ---> WORKSTATIONS We are currently using squid to forward on the HTTP requests to the web servers decided by domain requested, ie if someone goes to www.domain1.com/index.htm this request will be forwarded by Squid to the WEBSERVER_1. This has been working fine, until I decided to run some tests, and look through the apache logs on the WEBSERVER_1. ALL incoming Client IP's and Addresses are always that of the GATEWAY_BOX. This poses a problem for websites which have security on them for OUTSIDE addresses, as this security will no longer work.. Also, WebStats are going to be invalid as all requests are made from the Gateway IP. Does anybody have any solutions for this problem? Other software solutions which will fun on FreeBSD? Any help would be most appreciated - even just a "I wouldn't have a clue, e-mail this group" or something. Thanks All Tom Peck To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Is there a way to clear stats from netstat -i
4.4-stable box netstat -i shows the number of packets and number of errors sent/received via the IPkt/Ierrs/Opkts/Oerrs fields. I would like to see if changing network cables and reset those fields shows reduction in the Ierrs/Oerrs field Is there a way to clear those flags netstat -sz doesn't seem to clear those flags and whilst netstat -iz doesn't barf on me even though the man page doesn't seem to indicate that this is a valid option Regards, Yusuf -- Yusuf Goolamabbas [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
do we really need NETISR_foo == AF_foo ?
Hi, for some reasons (device polling), i need to register a couple of netisr which are executed with highest and lowest priority among network soft interrupts. In other word, i would need #define NETISR_POLL 0 #define NETISR_POLLMORE 31 Now, the former is available, so no problem. The latter is already taken by NETISR_NETGRAPH, but I can still do something like what i need by modifying swi_net() (or the equivalent piece of assembly code in -stable; speaking of which, i wonder if we can replace it with a C function). However, I was wonder if it is really necessary that NETISR_foo has the same value as AF_foo, or it is possible to shift up values and fill holes to free the last bit ? cheers luigi To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: 1 IP - 1 Firewall - 2 Webservers
I have a solution for exactlythis problem You need the patch I submitted for ipfw fwd of incoming packets about 3 weeks ago. it allows load sharing to an arbitrary number of webservers transparently I sent it to "net" and it had a subject of RFC: (something) the mail includes how to set it up.. it uses about 1% of cpu redirecting a 10Mb ethernet to 2 servers. (sorry to be vague but look it up in the archives with julian AND RFC AND ipfwin the net list.. On Tue, 11 Dec 2001, Tom Peck wrote: > Hello > > We have ONE static IP with our ISP via a Cable Modem. Connected at our end > of the Cable Modem is a FreeBSD Firewall / Internet Gateway for the rest of > the internal Lan. > > On the Internal Network we have 2 Web / Mail servers which collect mail and > serve HTTP requests recieved from the gateway box. > > INTERNET ---> GATEWAY_BOX ---> WEBSERVER_1 (www.domain1.com, [EMAIL PROTECTED]) > ---> WEBSERVER_2 (www.domain2.com, [EMAIL PROTECTED]) > ---> WORKSTATIONS > > > We are currently using squid to forward on the HTTP requests to the web > servers decided by domain requested, ie if someone goes to > www.domain1.com/index.htm this request will be forwarded by Squid to the > WEBSERVER_1. > > This has been working fine, until I decided to run some tests, and look > through the apache logs on the WEBSERVER_1. ALL incoming Client IP's and > Addresses are always that of the GATEWAY_BOX. This poses a problem for > websites which have security on them for OUTSIDE addresses, as this > security will no longer work.. Also, WebStats are going to be invalid as > all requests are made from the Gateway IP. > > Does anybody have any solutions for this problem? Other software solutions > which will fun on FreeBSD? Any help would be most appreciated - even just > a "I wouldn't have a clue, e-mail this group" or something. > > Thanks All > > Tom Peck > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: 1 IP - 1 Firewall - 2 Webservers
Thank-you for the reply Julian. I will get our network guru onto it and let you know the results. Tom At 21:13 10/12/2001 -0800, you wrote: >I have a solution for exactlythis problem >You need the patch I submitted for ipfw fwd of incoming packets >about 3 weeks ago. > >it allows load sharing to an arbitrary number of webservers transparently >I sent it to "net" and it had a subject of RFC: (something) > >the mail includes how to set it up.. >it uses about 1% of cpu redirecting a 10Mb ethernet to 2 servers. >(sorry to be vague but look it up in the archives with >julian AND RFC AND ipfwin the net list.. > > >On Tue, 11 Dec 2001, Tom Peck wrote: > > > Hello > > > > We have ONE static IP with our ISP via a Cable Modem. Connected at our > end > > of the Cable Modem is a FreeBSD Firewall / Internet Gateway for the > rest of > > the internal Lan. > > > > On the Internal Network we have 2 Web / Mail servers which collect mail > and > > serve HTTP requests recieved from the gateway box. > > > > INTERNET ---> GATEWAY_BOX ---> WEBSERVER_1 (www.domain1.com, > [EMAIL PROTECTED]) > > ---> WEBSERVER_2 (www.domain2.com, > [EMAIL PROTECTED]) > > ---> WORKSTATIONS > > > > > > We are currently using squid to forward on the HTTP requests to the web > > servers decided by domain requested, ie if someone goes to > > www.domain1.com/index.htm this request will be forwarded by Squid to the > > WEBSERVER_1. > > > > This has been working fine, until I decided to run some tests, and look > > through the apache logs on the WEBSERVER_1. ALL incoming Client IP's and > > Addresses are always that of the GATEWAY_BOX. This poses a problem for > > websites which have security on them for OUTSIDE addresses, as this > > security will no longer work.. Also, WebStats are going to be invalid as > > all requests are made from the Gateway IP. > > > > Does anybody have any solutions for this problem? Other software > solutions > > which will fun on FreeBSD? Any help would be most appreciated - even just > > a "I wouldn't have a clue, e-mail this group" or something. > > > > Thanks All > > > > Tom Peck > > > > > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > > with "unsubscribe freebsd-net" in the body of the message > > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: 1 IP - 1 Firewall - 2 Webservers
Julian Elischer <[EMAIL PROTECTED]> wrote: > On Tue, 11 Dec 2001, Tom Peck wrote: > > We have ONE static IP with our ISP via a Cable Modem. Connected at our end > > of the Cable Modem is a FreeBSD Firewall / Internet Gateway for the rest of > > the internal Lan. > > > > On the Internal Network we have 2 Web / Mail servers which collect mail and > > serve HTTP requests recieved from the gateway box. > > > > INTERNET ---> GATEWAY_BOX ---> WEBSERVER_1 (www.domain1.com, [EMAIL PROTECTED]) > > ---> WEBSERVER_2 (www.domain2.com, [EMAIL PROTECTED]) > > ---> WORKSTATIONS > > > > > > We are currently using squid to forward on the HTTP requests to the web > > servers decided by domain requested, ie if someone goes to > > www.domain1.com/index.htm this request will be forwarded by Squid to the > > WEBSERVER_1. > > > > This has been working fine, until I decided to run some tests, and look > > through the apache logs on the WEBSERVER_1. ALL incoming Client IP's and > > Addresses are always that of the GATEWAY_BOX. This poses a problem for > > websites which have security on them for OUTSIDE addresses, as this > > security will no longer work.. Also, WebStats are going to be invalid as > > all requests are made from the Gateway IP. > > > > Does anybody have any solutions for this problem? Other software solutions > > which will fun on FreeBSD? Any help would be most appreciated - even just > > a "I wouldn't have a clue, e-mail this group" or something. > I have a solution for exactlythis problem > You need the patch I submitted for ipfw fwd of incoming packets > about 3 weeks ago. > > it allows load sharing to an arbitrary number of webservers transparently > I sent it to "net" and it had a subject of RFC: (something) > > the mail includes how to set it up.. > it uses about 1% of cpu redirecting a 10Mb ethernet to 2 servers. > (sorry to be vague but look it up in the archives with > julian AND RFC AND ipfwin the net list.. The new ipfw fwd functionality looks really nice. But it seems like Tom needs forwarding based on the name (www.domain1.com or www.domain2.com) in the HTTP GET Request. I don't think that can be handled in ipfw or ipf. One thing you could do is using both servers for both domains and use the load balancing described by Julian. This has the drawback that the servers are not separated but on the other hand you get redundancy for both servers. -- Benedikt To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
