On 19.01.2012 16:39, Adam PAPAI wrote:
Dear List,

I feel my FreeBSD box is reaching its limits.

I'm doing load-balance with a pf (round-robin + NAT) in front of 3 web and 3 database servers. Everything works fine with 100-120MBit/s, but if it reaches over 150MBit/s to 200MBit/s or even 300MBit/s, the connections get stuck, nobody can connect to the server.

I checked it via "nload". And every time it goes over 150MBit/s it starts to drop some connections.

I have 40,000 connections at the same time.

Could it be because of pf? I mean, does it reach some maximum throughput?

When I'm running the iperf from inside the NAT, it does only 300-400MBit/s, but if I'm running it from the firewall itself, it does 600-700 (it depends on the traffic). The servers are connected to each other via GBit.

Thanks in advance,


Indeed. The default maximum is 10 000 states as I remember.

I.e. one of the main routers in my case. core quad.

set limit { states 300000, frags 10000, src-nodes 100000 }
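
A check for the situation this thread describes, as an added example that is not part of the original emails: it compares pf's current state count with the `states` hard limit, using the output of `pfctl -s memory` and `pfctl -s info`. The sample outputs are constructed, and the function names and the 80% warning threshold are assumptions.

```shell
#!/bin/sh
# Added example: compare pf's current state count with its hard limit.
# Both samples are constructed; they mimic the layout pfctl prints.
SAMPLE_MEMORY='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000'
SAMPLE_INFO='State Table                          Total             Rate
  current entries                     9987
  searches                       912345678        10559.6/s
  inserts                          4567890           52.9/s
Counters
  match                            5012345           58.0/s
  memory                             31337            0.4/s'

# Each helper reads pfctl text on stdin and prints one number.
pf_state_limit()    { awk '$1 == "states" && $2 == "hard" { print $4; exit }'; }
pf_current_states() { awk '$1 == "current" && $2 == "entries" { print $3; exit }'; }
# "memory" counts packets dropped because pf could not allocate memory,
# which includes failing to create a state once the table is full.
pf_memory_drops()   { awk '$1 == "memory" { print $2; exit }'; }

# pf_state_report MEMORY_TEXT INFO_TEXT [WARN_PERCENT]
# Prints one status line; returns 3 only if the input cannot be parsed.
pf_state_report() {
    limit=$(printf '%s\n' "$1" | pf_state_limit)
    cur=$(printf '%s\n' "$2" | pf_current_states)
    drops=$(printf '%s\n' "$2" | pf_memory_drops)
    warn=${3:-80}
    if [ -z "$limit" ] || [ -z "$cur" ] || [ "$limit" -le 0 ]; then
        echo "UNKNOWN could not parse pfctl output"
        return 3
    fi
    pct=$(( cur * 100 / limit ))
    status=OK
    if [ "$pct" -ge "$warn" ]; then
        status=WARN
        # Near the limit and already dropping: the table is effectively full.
        if [ "${drops:-0}" -gt 0 ]; then status=FULL; fi
    fi
    echo "$status states=$cur limit=$limit used=${pct}% memory_drops=${drops:-0}"
}

# On a pf host (as root) use live data; elsewhere fall back to the samples.
if command -v pfctl >/dev/null 2>&1; then
    pf_state_report "$(pfctl -s memory 2>/dev/null)" "$(pfctl -s info 2>/dev/null)" || true
else
    pf_state_report "$SAMPLE_MEMORY" "$SAMPLE_INFO"
fi
```

With the constructed sample (default limit, table almost full) the report reads FULL; with the 300000-state limit from the reply and 40,000 states it reads OK at 13% used.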