たけふ@大阪豊中です。
<ぼそ>先ほど owner-FreeBSD-users-jp 宛てに間違って投げてしまったので、再送です :-) </ぼそ>

i386 の 5.5-RELEASE で構築していた環境を、amd64 の 7.1-RELEASE で刷新作業を行っているのですが、
natd(8) を有効にした途端、公開された外部インターフェイスの通信が極端に速度低下する症状がでしまいました。

正確に表現すると、ある程度小さなパケットでは速度低下は目立たなく、
数キロバイトのテキストファイルを連続させて表示するとシャックリを起こしつつも流れてきますが、
ある程度(数十キロバイト)以上では、最終的にコンソールがロックしてしまいます。

この時、内向きの通信同士では速度低下は発生せず、同一セグメントの外向きの通信のみで発生する症状です。

同一の kernel にて natd(8) を使わなければ速度低下は認められなかったので、
おそらく設定のミスを犯していると思われるのですが、行き詰ってしまいました。

そこで、natd(8) を用いても転送速度が落ちないようにする為に、
どの辺りから調査をすればいいかご教示いただければと思います。


構築した環境は以下の通りです。


em0 が外向きの通信担当 nic
dc0 が内向きの通信担当 nic

/usr/src/sys/amd64/conf/DNS01
options         IPDIVERT
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=100
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPFIREWALL_FORWARD
options         IPFIREWALL_NAT
options         LIBALIAS
options         DEVICE_POLLING

/etc/rc.conf
natd_enable="YES"
natd_interface="em0"
firewall_enable="YES"
firewall_type="OPEN"

% dmesg -a
Copyright (c) 1992-2009 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.1-RELEASE-p2 #0: Wed Feb 11 17:41:11 JST 2009
    tak...@dns01:/usr/obj/usr/src/sys/DNS01
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) CPU 2.93GHz (2933.46-MHz K8-class CPU)
  Origin = "GenuineIntel"  Id = 0xf49  Stepping = 9
  
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x651d<SSE3,RSVD2,MON,DS_CPL,TM2,CNXT-ID,CX16,xTPR>
  AMD Features=0x20000800<SYSCALL,LM>
  AMD Features2=0x1<LAHF>
usable memory = 526950400 (502 MB)
avail memory  = 506847232 (483 MB)
ACPI APIC Table: <PTLTD          APIC  >
ioapic0 <Version 2.0> irqs 0-23 on motherboard
kbd1 at kbdmux0
acpi0: <PTLTD    XSDT> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> irq 16 at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pcib2: <ACPI PCI-PCI bridge> irq 17 at device 28.0 on pci0
pci2: <ACPI PCI bus> on pcib2
pcib3: <ACPI PCI-PCI bridge> irq 17 at device 28.4 on pci0
pci3: <ACPI PCI bus> on pcib3
em0: <Intel(R) PRO/1000 Network Connection 6.9.6> port 0x4000-0x401f mem 
0xdc100000-0xdc11ffff irq 16 at device 0.0 on pci3
em0: Using MSI interrupt
em0: [FILTER]
em0: Ethernet address: 00:1a:4d:40:d9:bb
pcib4: <ACPI PCI-PCI bridge> irq 16 at device 28.5 on pci0
pci4: <ACPI PCI bus> on pcib4
uhci0: <UHCI (generic) USB controller> port 0x3000-0x301f irq 23 at device 29.0 
on pci0
uhci0: [GIANT-LOCKED]
uhci0: [ITHREAD]
usb0: <UHCI (generic) USB controller> on uhci0
usb0: USB revision 1.0
uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
uhub0: 2 ports with 2 removable, self powered
uhci1: <UHCI (generic) USB controller> port 0x3020-0x303f irq 19 at device 29.1 
on pci0
uhci1: [GIANT-LOCKED]
uhci1: [ITHREAD]
usb1: <UHCI (generic) USB controller> on uhci1
usb1: USB revision 1.0
uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
uhub1: 2 ports with 2 removable, self powered
uhci2: <UHCI (generic) USB controller> port 0x3040-0x305f irq 18 at device 29.2 
on pci0
uhci2: [GIANT-LOCKED]
uhci2: [ITHREAD]
usb2: <UHCI (generic) USB controller> on uhci2
usb2: USB revision 1.0
uhub2: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb2
uhub2: 2 ports with 2 removable, self powered
uhci3: <UHCI (generic) USB controller> port 0x3060-0x307f irq 16 at device 29.3 
on pci0
uhci3: [GIANT-LOCKED]
uhci3: [ITHREAD]
usb3: <UHCI (generic) USB controller> on uhci3
usb3: USB revision 1.0
uhub3: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb3
uhub3: 2 ports with 2 removable, self powered
ehci0: <Intel 82801GB/R (ICH7) USB 2.0 controller> mem 0xdc400000-0xdc4003ff 
irq 23 at device 29.7 on pci0
ehci0: [GIANT-LOCKED]
ehci0: [ITHREAD]
usb4: EHCI version 1.0
usb4: companion controllers, 2 ports each: usb0 usb1 usb2 usb3
usb4: <Intel 82801GB/R (ICH7) USB 2.0 controller> on ehci0
usb4: USB revision 2.0
uhub4: <Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb4
uhub4: 8 ports with 8 removable, self powered
pcib5: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci10: <ACPI PCI bus> on pcib5
dc0: <Intel 21143 10/100BaseTX> port 0x5000-0x507f mem 0xdc040000-0xdc0403ff 
irq 16 at device 0.0 on pci10
miibus0: <MII bus> on dc0
amphy0: <Am79C873/DM9101 10/100 media interface> PHY 1 on miibus0
amphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
dc0: Ethernet address: 00:40:c7:97:59:7f
dc0: [ITHREAD]
vgapci0: <VGA-compatible display> port 0x5080-0x50ff mem 
0xd8000000-0xdbffffff,0xdc000000-0xdc03ffff at device 3.0 on pci10
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH7 UDMA100 controller> port 
0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x30a0-0x30af at device 31.1 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
ichsmb0: <Intel 82801GB (ICH7) SMBus controller> port 0x3080-0x309f irq 19 at 
device 31.3 on pci0
ichsmb0: [GIANT-LOCKED]
ichsmb0: [ITHREAD]
smbus0: <System Management Bus> on ichsmb0
smb0: <SMBus generic I/O> on smbus0
acpi_button0: <Power Button> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: [ITHREAD]
psm0: model IntelliMouse, device ID 3
cpu0: <ACPI CPU> on acpi0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
orm0: <ISA Option ROM> at iomem 0xc0000-0xc7fff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 2933460783 Hz quality 800
Timecounters tick every 1.000 msec
ipfw2 (+ipv6) initialized, divert enabled, nat enabled, rule-based forwarding 
enabled, default to accept, logging limited to 100 packets/entry by default
ad0: 78533MB <ASI ARAID99 2000 Mirror Rev 1.11 Rev1.11> at ata0-master UDMA100
Trying to mount root from ufs:/dev/ad0s1a
Loading configuration files.
kernel dumps on /dev/ad0s1b

メールによる返信