On 17.8.2017. 17:13, Chris Cappuccio wrote: > Juan Guillermo Narvaez [guille...@nrvz.net] wrote: >> # sysctl | grep ifq >> net.inet.ip.ifq.len=0 >> net.inet.ip.ifq.maxlen=1024 >> net.inet.ip.ifq.drops=46068291 >> net.inet6.ip6.ifq.len=0 >> net.inet6.ip6.ifq.maxlen=256 >> net.inet6.ip6.ifq.drops=0 >> > > The drops are high. You probably want a higher maxlen. I use 8192 on busy > forwarding boxes. > >> # cat sysctl.conf >> net.inet.ip.forwarding=1 >> kern.bufcachepercent=90 >> net.ip.ifq.maxlen=1024 >> > > You want net.inet.ip.ifq.maxlen=8192 not 'net.ip.ifq.maxlen=1024' >
besides what chris told you maybe you could silence pf logging... your dmesg is full of pf logs, maybe you have pf debuging enabled? please send cat /var/run/dmesg.boot inline just to see which version of openbsd your running and on which hardware ... and set your pf states to some big number.. set limit states 100000 or something like that .. and of course run at least openbsd 6.1 or if you brave enough run -current .... just side note, openbsd on E5-2643 v2 @ 3.50GHz from around February 2017 had plain forwarding performance of 1.4Mpps and openbsd from today on same box can forward cca 1.7Mpps ...
