On 02/12/2008, Tim Dressel <[EMAIL PROTECTED]> wrote: > First, I'm using 1.2.1-RC2 on my home router with the intention of > permanently going to it from IPCop mainly for its captive portal and site to > site vpn that works well with my work router (I'm a tech). My IPCop box is > running on an athlon xp 1200 and is super fast, even with 400 connections > for a torrent. I'm running PF on a P4 1.7 with 768 ram on a 40gig IDE, and > it is pretty much bagged with anything more than 50 or so connections, and I > can make it lock up simply by watching the traffic graphs with the 1.3/2.0 > portal plugin installed. Not sure if that helps,,, but RC2 is clearly not > ready for production I think. I took the box down to the ISP's head end who > has two OC3's, and PF seemed to perform a bit better plugged into their > giganet backbone layer, but still wasn't great. The only reason I'm using RC2 is because I was hoping that the problem with PHP taking all the CPU would have been fixed in RC2 (FreeBSD 7), but it doesn't seem to be the case.
> > Second, I'm really interested in why you would have so many static routes. I > worked for a mutinational in the core networking group with sites spanning > Canada, the USA, UK, and China (31 sites total), and we didn't have anywhere > near 9000+ static routes. Each site had easily another dozen or so subnets > within it, and it was a medium sized corporate network in my opinion. What > exactly are you doing that would require that much static routing? In South Africa we have very expensive traffic charges for internet and other network links, mainly because we had a government protected telco monopoly, headed by the US STC telco and Telcom Malaysia (STC has this rape and escape litigation heavy history). So are using a local (za) only link to pipe all traffic through that stays in South Africa. 30GB of traffic through that costs R130, whereas otherwise one can pay up to R170 for 1GB. So I have a list of all local networks and want to tell pfSense to use those. The strange thing though is that although the memory consumption goes up dramatically if all the routes are loaded, the PHP problem exists even with only on static route. regards Roland > > With kindest regards, > > Tim > > > > On Mon, Dec 1, 2008 at 8:21 PM, Roland Giesler <[EMAIL PROTECTED]> > wrote: > > I've upgraded a firewall from a Celeron 1.7GHz to a dual core 3GHz > > machine with an 80GB hard drive and 512MB RAM to be able to better > > handle a large number of static routes. > > > > The image installed just fine and all seemed well. However the routes > > took a really long time to load. I use 9488 static route entries > > (which I added into the XML config file instead of via the web > > interface. The memory usage with all these routes loaded is about > > 60%, but when I change anything PHP takes a really long to finish > > processing some simple commands like adding a host in the dns > > forwarer. (By long I mean more than 30 minutes!) > > > > So I removed all the routes except one, just to test if all else is > > ok, but found that on both release 1.2 and 1.2.1-RC2, PHP steadily > > increased when I save a change until it hits 100% usage on one CPU. > > Then, if I click something else, the second CPU gets a PHP process > > that also goes to 100%. > > > > Why would this be happening? The motherboard is an Intel > > manufactured board and I have added an Intel dual port gigabit network > > card. > > > > regards > > > > -- > > Roland Giesler > > Green Tree Systems cc, Stellenbosch, South Africa > > Mobile: 072-450-2817 http://www.thegreentree.za.net > > > > If a nation expects to be ignorant and free, in a state of > > civilization, it expects what never was and never will be… > > - Thomas Jefferson, Jan 6th, 1816 > > > > -- Roland Giesler Green Tree Systems cc, Stellenbosch, South Africa Mobile: 072-450-2817 http://www.thegreentree.za.net If a nation expects to be ignorant and free, in a state of civilization, it expects what never was and never will be… - Thomas Jefferson, Jan 6th, 1816
