Folks,

I managed to resolve this failure by increasing the bandwidth on my "parent" queues total and total_out, since both were set to 34Mb and the traffic was at the limit... hence the "no buffer space" message. I increased it to 80Mb (although I don't have that much outbound link to the internet) and also changed some sysctls.

# PF + ALTQ
net.inet.ip.intr_queue_maxlen=200
kern.ipc.somaxconn=512
kern.ipc.maxsockbuf=1048576

The system is now 100% functional!! I am editing a PF template for Cacti to measure the traffic of each of the queues, because I couldn't find a ready-made one :(

Thanks!!

On March 23, 2010 at 12:22, Renata Dias <[email protected]> wrote:

> On March 19, 2010 at 16:34, Aline Freitas <[email protected]> wrote:
>
>> Renata,
>>
>> I have had my network end up like this before because of badly done optimizations in sysctl.conf. What do you have in it?
>>
>> Hugs,
>> Aline
>>
>> On Mar 19, 2010, at 10:37 AM, Renata Dias wrote:
>>
>> > Dear all,
>> >
>> > I found several discussions about my question, but none with a solution!
>> >
>> > I enable pf and the network starts responding with "No buffer space available".
>> > I tested some options I found on the internet, such as: set limit { states 1000000000, src-nodes 1000000000, frags 50000000 }, but without success.
>> >
>> > Here is my pf.conf
>> >
>> > if_wan_upload="em0"
>> > if_lan_download="em1"
>> >
>> > table <rede_interna> { 192.168.0.0/24, 10.0.10.0/24 }
>> >
>> > altq on $if_wan_upload hfsc bandwidth 100% queue total_out
>> > queue total_out bandwidth 34Mb hfsc(upperlimit 34Mb) { ping_out voip_out dns_out http-https_out pop_out smtp_out ssh_out outros_out p2p_out }
>> > queue ping_out bandwidth 6% priority 9 hfsc(upperlimit 100% realtime 6% ecn red)
>> > queue voip_out bandwidth 5% priority 8 hfsc(upperlimit 100% realtime 5% ecn red)
>> > queue dns_out bandwidth 2% priority 7 hfsc(upperlimit 100% realtime 2% ecn red)
>> > queue http-https_out bandwidth 60% priority 6 hfsc(upperlimit 100% realtime 60% ecn red)
>> > queue ssh_out bandwidth 2% priority 5 hfsc(upperlimit 100% realtime 2% ecn red)
>> > queue smtp_out bandwidth 5% priority 4 hfsc(upperlimit 100% realtime 5% ecn red)
>> > queue pop_out bandwidth 5% priority 3 hfsc(upperlimit 100% realtime 5% ecn red)
>> > queue outros_out bandwidth 10% priority 2 hfsc(upperlimit 95% realtime 10% ecn red default)
>> > queue p2p_out bandwidth 5% priority 1 hfsc(upperlimit 80% realtime 5% ecn red)
>> >
>> > altq on $if_lan_download hfsc bandwidth 100Mb queue total
>> > queue total bandwidth 34Mb hfsc(upperlimit 34Mb) { ping voip dns http-https ssh smtp pop outros p2p }
>> > queue ping bandwidth 6% priority 9 hfsc(upperlimit 100% realtime 6% ecn red)
>> > queue voip bandwidth 5% priority 8 hfsc(upperlimit 100% realtime 5% ecn red)
>> > queue dns bandwidth 2% priority 7 hfsc(upperlimit 100% realtime 2% ecn red)
>> > queue http-https bandwidth 60% priority 6 hfsc(upperlimit 100% realtime 60% ecn red)
>> > queue ssh bandwidth 2% priority 5 hfsc(upperlimit 100% realtime 2% ecn red)
>> > queue smtp bandwidth 5% priority 4 hfsc(upperlimit 100% realtime 5% ecn red)
>> > queue pop bandwidth 5% priority 3 hfsc(upperlimit 100% realtime 5% ecn red)
>> > queue outros bandwidth 10% priority 2 hfsc(upperlimit 95% realtime 10% ecn red default)
>> > queue p2p bandwidth 5% priority 1 hfsc(upperlimit 80% realtime 5% ecn red)
>> >
>> > pass in quick on $if_wan_upload proto icmp from <rede_interna> to any keep state queue ping_out
>> > pass in quick on $if_lan_download proto icmp from <rede_interna> to any keep state queue ping
>> >
>> > pass in quick on $if_wan_upload proto { tcp, udp } from <rede_interna> to any port 53 keep state queue dns_out
>> > pass in quick on $if_lan_download proto { tcp, udp } from <rede_interna> to any port 53 keep state queue dns
>> >
>> > pass in quick on $if_wan_upload proto tcp from <rede_interna> to any port { 80, 443 } keep state queue http-https_out
>> > pass in quick on $if_lan_download proto tcp from <rede_interna> to any port { 80, 443 } keep state queue http-https
>> >
>> > pass in quick on $if_wan_upload proto tcp from <rede_interna> to any port 110 keep state queue pop_out
>> > pass in quick on $if_lan_download proto tcp from <rede_interna> to any port 110 keep state queue pop
>> >
>> > pass in quick on $if_wan_upload proto tcp from <rede_interna> to any port 25 keep state queue smtp_out
>> > pass in quick on $if_lan_download proto tcp from <rede_interna> to any port 25 keep state queue smtp
>> >
>> > pass in quick on $if_wan_upload proto tcp from <rede_interna> to any port 22 keep state queue ssh_out
>> > pass in quick on $if_lan_download proto tcp from <rede_interna> to any port 22 keep state queue ssh
>> >
>> > --
>> > Renata Dias
>> > -------------------------
>> > Archive: http://www.fug.com.br/historico/html/freebsd/
>> > Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
>
> Hi Aline,
>
> # MAC - Layer 2
> net.link.ether.ipfw=1
>
> I only enable layer 2 for the IPFW MAC rules. However, for testing, I disabled this sysctl and enabled PF... the result was the same (no buffer space) in the middle of the ping replies.
>
> Thank you.
>
> --
> Renata Dias

--
Renata Dias
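
An added example, not part of the original message: the per-queue measurement the author wanted for Cacti can be built by parsing `pfctl -vsq` output, which also shows which ALTQ queue is dropping packets when "no buffer space" appears. The sample below is constructed (queue names are taken from the pf.conf above, counters are made up), and the helper names and the `field:value` output line are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `pfctl -vsq`; counters are made up.
sample_pfctl_output() {
cat <<'EOF'
queue root_em0 on em0 bandwidth 100Mb priority 0 {total_out}
  [ pkts:       9120  bytes:    8400000  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
queue  total_out on em0 bandwidth 34Mb hfsc( upperlimit 34Mb ) {ping_out, http-https_out}
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
queue   ping_out on em0 bandwidth 2.04Mb priority 9 hfsc( red ecn realtime 2.04Mb upperlimit 34Mb )
  [ pkts:        120  bytes:      10080  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
queue   http-https_out on em0 bandwidth 20.4Mb priority 6 hfsc( red ecn realtime 20.4Mb upperlimit 34Mb )
  [ pkts:       9000  bytes:    8389920  dropped pkts:    412 bytes: 601520 ]
  [ qlength:  50/ 50 ]
EOF
}

# One line per queue: name pkts bytes dropped_pkts dropped_bytes qlen qlimit.
# Non-digits are collapsed to spaces so "50/ 50" and "100/100" both parse.
queue_stats() {
  awk '
    $1 == "queue" { name = $2; next }
    /pkts:/       { gsub(/[^0-9]+/, " "); pk = $1; by = $2; dp = $3; db = $4; next }
    /qlength:/    { gsub(/[^0-9]+/, " "); print name, pk, by, dp, db, $1, $2 }
  '
}

# Space-separated "field:value" line for one queue (hypothetical helper,
# in the style a Cacti data input script prints).
cacti_fields() {
  queue_stats | awk -v q="$1" '$1 == q {
    printf "pkts:%s bytes:%s dropped_pkts:%s dropped_bytes:%s\n", $2, $3, $4, $5 }'
}

# Queues that have dropped packets or are sitting at their queue limit.
queues_under_pressure() {
  queue_stats | awk '$4 > 0 || ($7 > 0 && $6 >= $7) { print $1 }'
}

# On the firewall itself (needs root):
#   pfctl -vsq | queues_under_pressure
#   pfctl -vsq | cacti_fields http-https_out
```
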

