Large scale NAT problems
Hi,

I'm trying to make NAT on a FreeBSD box for 2500 clients on a 35Mbit uplink. The box is a Xeon 2.8GHz, 1G RAM, 2xIntel PRO/1000 (em) adapters. FreeBSD 4.9-STABLE, kernel is configured for single processor (HT not used), with DEVICE_POLLING and HZ=2000, LARGE_NAT defined. NAT was done using ipnat, no additional filtering.

The problem is that when traffic grows to 10Mbit and the number of active NAT sessions reaches 7, CPU usage grows exponentially and the system spends all CPU time in interrupt handling. The system becomes completely unresponsive and unusable, and only a hard reset is the solution.

And the worse thing is that Linux on a Cel/800 with SOHO cards does that NATing with 5% CPU load without any problem :-(.

Maybe I should try natd? May this help? Any suggestions?

Thanks in advance,
Andriy Korud

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Large scale NAT problems
Quoting Attila Nagy <[EMAIL PROTECTED]>:

> Andriy Korud wrote:
> > The problem is that when traffic grows to 10Mbit and number of active NAT
> > sessions reach 7, CPU usage exponentially grows and system spends all CPU
> > time in interrupts handling.
> > The system become completely unresponsive and unusable and only hard reset is the
> > solution.
> Did you try OpenBSD's pf?

Is it ported to 4.9-STABLE? How can I configure and try it?

Andriy
Re: Large scale NAT problems
Quoting Q <[EMAIL PROTECTED]>:

> You have set the 'sysctl kern.polling.enable=1' bit right?
>
> Seeya...Q

Yes, and 'systat -v 1' shows 2000 timer interrupts and 0 em0.

Andriy
Re: Large scale NAT problems
Quoting DrumFire <[EMAIL PROTECTED]>:

> On Tue, 16 Dec 2003 11:40:11 +0200
> Andriy Korud <[EMAIL PROTECTED]> wrote:
>
> First off, try OpenBSD pf, that works only on a 5.x-Release,
> try to disable device polling in your kernel configuration.
>
> I've made some tests with device_polling enabled, and I have
> less performance than with device_polling disabled.

With polling disabled the situation was the same; the only difference is that 'systat -v 1' shows ~3000 em0 interrupts/s (with polling_enabled: 0 em0 interrupts and 2000 timer interrupts/s).

Andriy
Poor network/forwarding performance
Hi.

Some time ago I posted a message here concerning poor ipnat performance. However, I've found that even without NAT (clear forwarding) performance is also poor: at about 6Mbit the system gradually becomes completely unresponsive, but returns to a normal state immediately after disconnecting the network cable.

The system is: Xeon 2.8GHz/4-STABLE/Intel gigabit network card (em0). Device polling is enabled. Mbufs - 1% in use.

And what I've noticed: in that (or near that) state, top shows 100% usage by top itself (and sometimes I've noticed 137% CPU usage!?)

Any ideas where I can look and check?

Best regards,
Andriy Korud
NATD and available ports
Hi.

I need to run a NAT box for ~2000 clients with up to 300.000 active connections. ipnat doesn't handle such load, so I'm going to try natd, but I worry that natd will simply use all available outgoing ports and then crash.

I have 128 public IPs and in ipnat's configuration I just map smaller blocks of private IPs onto a certain public IP, but I have no idea how I can do this using natd.

Any suggestions?

Regards,
Andriy Korud.
Which one ip_nat.h?
Hi,

I need to define LARGE_NAT in ip_nat.h, however there are 3 such files in my system:

    locate ip_nat.h
    /usr/include/netinet/ip_nat.h
    /usr/src/contrib/ipfilter/ip_nat.h
    /usr/src/sys/contrib/ipfilter/netinet/ip_nat.h

The question is simple - which one should I change?

regards,
Andriy Korud
Large scale NAT - problem resolved
Hi,

At last I've managed to build a stable NAT on a FreeBSD box for a 34Mbit link and ~2000 clients (cable modem network). At full speed (34Mbit) CPU usage is 0% and system load is 0.0 :-)

The solution was to find the proper ip_nat.h file and properly define the compile-time parameters.

Thanks all for your help,
Andriy Korud
Re: Large scale NAT - problem resolved
Quoting rmkml <[EMAIL PROTECTED]>:

> Hi Andriy,
>
> You use ipnat (ipfilter)
>

Well, I'm using ipnat. In order to make it work properly, I have to:

- install ipfilter 3.4.32 (it claims to have some bugs fixed in NAT code, in stock system you'll find 3.4.31);
- define in _proper_ :-) ip_nat.h:

    #define LARGE_NAT
    #define NAT_SIZE 80809
    #define RDR_SIZE 80809
    #define NAT_TABLE_SZ 262143
    #define HOSTMAP_SIZE 32767

Don't ask me where I've taken those numbers from - mostly they were found in mailing lists.

regards,
Andriy Korud
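An added check, not part of the original thread: since the earlier post found three copies of ip_nat.h, this script prints for each copy whether LARGE_NAT is defined and what the four table-size macros from the message above are set to, so the edited copy can be confirmed before rebuilding. The function names are illustrative; only the paths and macro names come from the posts.

```shell
#!/bin/sh
# Added example: report the NAT compile-time settings in each ip_nat.h copy.
# Macro names are the ones quoted in the post; function names are illustrative.

NAT_MACROS="NAT_SIZE RDR_SIZE NAT_TABLE_SZ HOSTMAP_SIZE"

# Print every decimal value the macro is #defined to in the header,
# comma-separated (conditional branches show up as several values), or "-".
macro_values() {  # $1 = header path, $2 = macro name
    v=$(sed -n "s/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}$2[[:space:]]\{1,\}\([0-9][0-9]*\).*/\1/p" "$1" | paste -sd, -)
    echo "${v:--}"
}

# Succeed if the header itself contains a "#define LARGE_NAT" line.
has_large_nat() {  # $1 = header path
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+LARGE_NAT([[:space:]]|$)' "$1"
}

# Print a one-line summary for a header; return 1 if it cannot be read.
audit_header() {  # $1 = header path
    if [ ! -r "$1" ]; then
        echo "$1: missing"
        return 1
    fi
    if has_large_nat "$1"; then line="$1: LARGE_NAT=yes"; else line="$1: LARGE_NAT=no"; fi
    for m in $NAT_MACROS; do
        line="$line $m=$(macro_values "$1" "$m")"
    done
    echo "$line"
}

# With no arguments, check the three locations listed in the earlier post.
[ $# -gt 0 ] || set -- /usr/include/netinet/ip_nat.h \
    /usr/src/contrib/ipfilter/ip_nat.h \
    /usr/src/sys/contrib/ipfilter/netinet/ip_nat.h
for h in "$@"; do
    audit_header "$h" || true
done
```

A copy that reports `LARGE_NAT=no` or `-` for the size macros is one the edit did not reach.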
Changing TOS of forwarded packets?
Hi,

my question is simple - is it possible to set the TOS value of forwarded packets using ipfw, ipfilter or other magic on FreeBSD 4-STABLE?

Thanks in advance,
Andriy Korud
Re: Changing TOS of forwarded packets?
Thanks, but I'm looking for some solution that'd allow me to modify TOS of the packets that match some filter rule, so I think I have to modify ipfilter code.

Andriy

> On Tue, Feb 03, 2004 at 06:46:18PM +0200, Andriy Korud wrote:
>
> Hello,
>
> > Hi, my question is simple - is it possible to set TOS value of forwarded packets
> > using ipfw, ipfilter or other magic on FreeBSD 4-STABLE?
>
> As far as I know there is nothing official for this purpose (hope someone
> will correct me if I am wrong). This is why I started to design something
> on my own. My little goodie is a netgraph node for packet mangling in its
> early stage. I *just* got it to work and it is tested now. Seems to work
> properly for me. However, it was written and used only on FreeBSD-5.2-R and
> I am not sure about differences in netgraph implementation in STABLE.
>
> Nevertheless, if no one suggests a better solution you may want to give it a
> try. Bear in mind it's early stage, though. There you can reach it:
>
> http://venus.wsb-nlu.edu.pl/~dlupinsk/ng_mangle/
>
> regards,
> Dominik Lupinski
>
> Ps. Any feedback appreciated.
> --
> "...they build you up only to tear you down."
Re: Changing TOS of forwarded packets?
Quoting Julian Elischer <[EMAIL PROTECTED]>:

> check out the "tcpmssd" port.
>
> it changes some tcp parameters during forwarding..
> you could modify it to do what you want I am sure..

Thanks, but I think at the packet rate I'm interested in (~30Mbit/s and more) a divert solution will have poor performance.

Andriy
Re: Changing TOS of forwarded packets?
Quoting Craig Rodrigues <[EMAIL PROTECTED]>:

> On Tue, Feb 03, 2004 at 11:29:24PM +0200, Andriy Korud wrote:
> > Thanks, but I'm looking for some solution that'd allow me to modify TOS of the
> > packets that match some filter rule, so I think I have to modify ipfilter
> > code.
>
> Have you looked at ALTQ, which is part of KAME ( http://www.kame.net )?
> ALTQ runs on FreeBSD-STABLE, and can set the TOS based
> on a filter rule.

Thanks, I thought about it, but was not sure it may do it. Should give it a try.

Andriy