Looking for thoughts on improving performance, throughput, etc. I'm
leaning towards just throwing up 2 better boxes with 2GB of ram and
P4's. Wish I could show the pf.conf rules but that's out of the
question.
Here's the stats:
-bash-2.05b# pfctl -s info -v
Status: Enabled for 14 days 18:54:07 Debug: Urgent
Hostid: 0x********
State Table Total Rate
current entries 7008
searches 3599595861 2817.4/s
inserts 83619775 65.4/s
removals 83612767 65.4/s
Source Tracking Table
current entries 0
searches 0 0.0/s
inserts 0 0.0/s
removals 0 0.0/s
Counters
match 2108310848 1650.2/s
bad-offset 0 0.0/s
fragment 123 0.0/s
short 4 0.0/s
normalize 50 0.0/s
memory 1049 0.0/s
-bash-2.05b# pfctl -s state | wc -l
9016
-bash-2.05b# pfctl -s timeouts
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
tcp.finwait 45s
tcp.closed 90s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 30s
interval 10s
adaptive.start 75000 states
adaptive.end 95000 states
src.track 0s
-bash-2.05b# pfctl -s memory
states hard limit 100000
src-nodes hard limit 50000
frags hard limit 5000
sysctl:
-bash-2.05b# sysctl -a | grep tcp.
net.inet.tcp.rfc1323=1
net.inet.tcp.keepinittime=150
net.inet.tcp.keepidle=14400
net.inet.tcp.keepintvl=150
net.inet.tcp.slowhz=2
net.inet.tcp.baddynamic=587,749,750,751,760,761,871
net.inet.tcp.recvspace=16384
net.inet.tcp.sendspace=16384
net.inet.tcp.sack=1
net.inet.tcp.mssdflt=512
net.inet.tcp.rstppslimit=100
net.inet.tcp.ackonpush=0
net.inet.tcp.ecn=0
net.inet.tcp.syncachelimit=10255
net.inet.tcp.synbucketlimit=105
net.inet.tcp.rfc3390=0
net.inet.tcp.reasslimit=1024
dmesg:
OpenBSD 3.5 (GENERIC) #34: Mon Mar 29 12:24:55 MST 2004
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 1 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,F
XSR,SSE
real mem = 266973184 (260716K)
avail mem = 241209344 (235556K)
using 3284 buffers containing 13451264 bytes (13136K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(b0) BIOS, date 06/22/01, BIOS32 rev. 0 @
0xfb340
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev. 2.1 @ 0xf0000/0xdf04
pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xfde60/144 (7 entries)
pcibios0: PCI Exclusive IRQs: 5 9 10 11 12
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371SB ISA" rev
0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xa000 0xcc000/0xd800 0xda000/0x800
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82815 Hub" rev 0x04
vga1 at pci0 dev 2 function 0 "Intel 82815 Graphics" rev 0x04: aperture
at 0xd0000000, size 0x4000000
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x05
pci1 at ppb0 bus 1
fxp0 at pci1 dev 3 function 0 "Intel 82557" rev 0x08: irq 11, address
00:01:29:0c:0b:9a
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 4
xl0 at pci1 dev 5 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq
12xl0: command never completed!
xl0: command never completed!
xl0: command never completed!
address 00:0a:5e:1c:ef:69
exphy0 at xl0 phy 24: 3Com internal media interface
xl0: command never completed!
xl0: command never completed!
xl0: command never completed!
fxp1 at pci1 dev 8 function 0 "Intel 82562" rev 0x03: irq 10, address
00:01:29:0c:0b:9b
inphy1 at fxp1 phy 1: i82562ET 10/100 media interface, rev. 0
hifn0 at pci1 dev 10 function 0 "Hifn 7955/7954" rev 0x00: LZS 3DES ARC4
MD5 SHA1 RNG AES PK, 32KB dram, irq 9
pcib0 at pci0 dev 31 function 0 "Intel 82801BA LPC" rev 0x05
pciide0 at pci0 dev 31 function 1 "Intel 82801BA IDE" rev 0x05: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <ST320014A>
wd0: 16-sector PIO, LBA, 19092MB, 39102336 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1 at pciide0 channel 1 drive 0: <STI Flash 6.1.0>
wd1: 1-sector PIO, LBA, 244MB, 500400 sectors
wd1(pciide0:1:0): using PIO mode 1
uhci0 at pci0 dev 31 function 2 "Intel 82801BA USB" rev 0x05: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
vga1 at pci0 dev 2 function 0 "Intel 82815 Graphics" rev 0x04: aperture
at 0xd0000000, size 0x4000000
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x05
pci1 at ppb0 bus 1
fxp0 at pci1 dev 3 function 0 "Intel 82557" rev 0x08: irq 11, address
00:01:29:0c:0b:9a
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 4
xl0 at pci1 dev 5 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq
12xl0: command never completed!
xl0: command never completed!
xl0: command never completed!
address 00:0a:5e:1c:ef:69
exphy0 at xl0 phy 24: 3Com internal media interface
xl0: command never completed!
xl0: command never completed!
xl0: command never completed!
fxp1 at pci1 dev 8 function 0 "Intel 82562" rev 0x03: irq 10, address
00:01:29:0c:0b:9b
inphy1 at fxp1 phy 1: i82562ET 10/100 media interface, rev. 0
hifn0 at pci1 dev 10 function 0 "Hifn 7955/7954" rev 0x00: LZS 3DES ARC4
MD5 SHA1 RNG AES PK, 32KB dram, irq 9
pcib0 at pci0 dev 31 function 0 "Intel 82801BA LPC" rev 0x05
pciide0 at pci0 dev 31 function 1 "Intel 82801BA IDE" rev 0x05: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <ST320014A>
wd0: 16-sector PIO, LBA, 19092MB, 39102336 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1 at pciide0 channel 1 drive 0: <STI Flash 6.1.0>
wd1: 1-sector PIO, LBA, 244MB, 500400 sectors
wd1(pciide0:1:0): using PIO mode 1
uhci0 at pci0 dev 31 function 2 "Intel 82801BA USB" rev 0x05: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
lm0 at isa0 port 0x290/8: W83627HF
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask c840 netmask de40 ttymask dec2
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
wd1: no disk label
dkcsum: wd1 matched BIOS disk 81
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
Regards,
Mike Lockhart
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Mike Lockhart [Systems Engineering & Operations]
StayOnline, Inc
http://www.stayonline.net/
mailto: [EMAIL PROTECTED]
GPG: 8714 6F73 3FC8 E0A4 0663 3AFF 9F5C 888D 0767 1550
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
