Re: [pfSense-discussion] Incoming load balancing with passive ftp
Worse...each TCP connection would be individually load balanced anyway. I can only imagine the breakage that would occur sending the command channel to one server and the data channel to another. --Bill On 3/15/06, Scott Ullrich <[EMAIL PROTECTED]> wrote: > Load balancing FTP is most likely not going to work very well do to > the nature of how FTP works in pfSense. > > Sorry! > > On 3/15/06, Daniel Leaberry <[EMAIL PROTECTED]> wrote: > > I would like to incoming load balance ftp traffic. When I go to Services > > -> Load balancer and try to create a pool or a virtual server the port > > box only allows one port number. I use passive ftp and have my ftp > > servers set to use a port range of 4-40500 for passive ftp. So I > > really would need just 21,4-40500 to be load balanced > > > > From reading the pf FAQ http://www.openbsd.org/faq/pf/pools.html it > > appears that pf supports multiple ports in a load balancing rdr. > > > > So here are the questions > > > > 1. Am I correct, can this actually be done with freebsd's pf. > > 2. Is there some way I can set multiple ports for the incoming load > > balanced ftp service (perhaps bypassing the web interface) > > > > It appears that pfsense uses the default round-robin policy > > (/var/etc/sldb.conf has an entry for it) but I'm curious whether the > > sticky-address option is set, as this would be necessary. > > > > Thanks > > > > -- > > Daniel Leaberry > > IT Manager > > iArchives > > Tel: 801-224-4015 x228 > > Cell: 801-376-6411 > > Email: [EMAIL PROTECTED] > > > > >
Re: [pfSense-discussion] throughput - cpu, bus
On 3/15/06, Chun Wong <[EMAIL PROTECTED]> wrote: > Chipset ? I'm not sure tbh, its an abit board I purchased 4-5 years ago. > > The source is on a HP Netserver LH3000 (2 x P3 866Mhz, 2.25Gb RAM) with dual > 64 bit PCI bus. 3 x Intel Pro MT1000 gig nics (64bit). The disk subsystem > is 2 x megaraid scsi/sata controllers, with scsi3 and sata raid 5 arrays. > > I doubt the bottle neck is there. Although it is running vmware 2.5.1 at the > moment. The guest OS is Windows XP SP2. I guess I need to see what happens > when I run straight linux on the box. VMWare performance regardless of whether this is ESX or not (I'm assuming ESX, not workstation or GSX) sucks. Use a physical box for this type of testing. --Bill
[pfSense-discussion] [QUESTION] How to package a software distrubution?
Hello, I am trying to create a DSPAM package for DSPAM. It's quite easy to figure out how to compose a web interface using some arbitrary XML files. Tho I do have some understanding issues if it comes to figure out * what should go into a tbz file (i.e. a package) * how to create files like CONTENTS, MTREE_DIRS etc. Can you briefly describe how I should package the DSPAM binaries etc., so DSPAM can be deployed as a valide pfSense app? Additionally please give me some pointers why an app such as spamd uses both XML files and PHP files for the web interace? How do these file semantically differ? -- Mit freundlichen Gruessen / With kind regards DAn.I.El S. Haischt Spammers, please please send any mail to: Daniel S. Haischt <[EMAIL PROTECTED]> Want a complete signature??? Type at a shell prompt: $ > finger -l [EMAIL PROTECTED]
RE: [pfSense-discussion] throughput - cpu, bus - VMware
Ooops sorry - I thought you meant vmware workstation, not vmware ESX server. However I still suggest testing from the host OS, just makes things tidier. -Original Message- From: Chun Wong [mailto:[EMAIL PROTECTED] Sent: Thursday, 16 March 2006 11:45 a.m. To: discussion@pfsense.com Subject: RE: [pfSense-discussion] throughput - cpu, bus - VMware Hi Craig vmware 2.5.1 esx is current, 3.0 is in beta at the moment. definitely emulates FE or better, I am getting a sustained 75mbs, I was just hoping for more. But you are absolutely right, I should be testing in native mode. Regards > --- Ursprüngliche Nachricht --- > Von: Craig FALCONER <[EMAIL PROTECTED]> > An: discussion@pfsense.com > Betreff: RE: [pfSense-discussion] throughput - cpu, bus > Datum: Thu, 16 Mar 2006 10:40:13 +1300 > > That version of Vmware is prehistoric, and probably only emulates a 10 > Mbit AMD PCNet nic. > > Try testing from the host OS on your source machine. > > > The best method for testing bulk is iperf, or this Avalance thing is > more real-world. > -- "Feel free" mit GMX FreeMail! Monat für Monat 10 FreeSMS inklusive! http://www.gmx.net
RE: [pfSense-discussion] throughput - cpu, bus - VMware
Hi Craig vmware 2.5.1 esx is current, 3.0 is in beta at the moment. definitely emulates FE or better, I am getting a sustained 75mbs, I was just hoping for more. But you are absolutely right, I should be testing in native mode. Regards > --- Ursprüngliche Nachricht --- > Von: Craig FALCONER <[EMAIL PROTECTED]> > An: discussion@pfsense.com > Betreff: RE: [pfSense-discussion] throughput - cpu, bus > Datum: Thu, 16 Mar 2006 10:40:13 +1300 > > That version of Vmware is prehistoric, and probably only emulates a 10 > Mbit > AMD PCNet nic. > > Try testing from the host OS on your source machine. > > > The best method for testing bulk is iperf, or this Avalance thing is more > real-world. > -- "Feel free" mit GMX FreeMail! Monat für Monat 10 FreeSMS inklusive! http://www.gmx.net
RE: [pfSense-discussion] throughput - cpu, bus
That version of Vmware is prehistoric, and probably only emulates a 10 Mbit AMD PCNet nic. Try testing from the host OS on your source machine. The best method for testing bulk is iperf, or this Avalance thing is more real-world. -Original Message- From: Chun Wong [mailto:[EMAIL PROTECTED] Sent: Thursday, 16 March 2006 12:47 a.m. To: discussion@pfsense.com Subject: RE: [pfSense-discussion] throughput - cpu, bus Chipset ? I'm not sure tbh, its an abit board I purchased 4-5 years ago. The source is on a HP Netserver LH3000 (2 x P3 866Mhz, 2.25Gb RAM) with dual 64 bit PCI bus. 3 x Intel Pro MT1000 gig nics (64bit). The disk subsystem is 2 x megaraid scsi/sata controllers, with scsi3 and sata raid 5 arrays. I doubt the bottle neck is there. Although it is running vmware 2.5.1 at the moment. The guest OS is Windows XP SP2. I guess I need to see what happens when I run straight linux on the box. The firewall is currently on an abit mb, don't know which chipset till I down the fw and take a look. This has Intel Pro MT1000 gig nics (64bit) too although only 32bits are being used. The destination machine is a nforce2 mb with an athlon xp1700 with 1Gb RAM and ATA133 seagate 7200rpm drive running XP SP2. Here there is a 3com 996B Now somewhere in there is the culprit for slowing things down. I have been using ftp get on large files to do the measuring: Is there a better method ? Thanks -Original Message- From: Greg Hennessy [mailto:[EMAIL PROTECTED] Sent: 15 March 2006 10:45 To: discussion@pfsense.com Subject: RE: [pfSense-discussion] throughput - cpu, bus > guys, > 2.2MBs, 2.2 megabytes per second (120) > 7MBs, 7 megabytes pers second (athlon) Are the Athlon figures on a Via chipset motherboard ? Some of the early Via athlon chipsets had pretty lousy PCI performance. You could try tweaking the PCI latency timers in the bios to give the em card more time on the bus. This may improve throughput slightly. On a bge plugged into a nforce2 board, I can iperf ~800 read/ ~600 write through it. Greg
Re: [pfSense-discussion] Incoming load balancing with passive ftp
Alright, I suppose it was worth a try. Daniel Leaberry IT Manager iArchives Tel: 801-224-4015 x228 Cell: 801-376-6411 Email: [EMAIL PROTECTED] Scott Ullrich wrote: > Load balancing FTP is most likely not going to work very well do to > the nature of how FTP works in pfSense. > > Sorry! > > On 3/15/06, Daniel Leaberry <[EMAIL PROTECTED]> wrote: > >> I would like to incoming load balance ftp traffic. When I go to Services >> -> Load balancer and try to create a pool or a virtual server the port >> box only allows one port number. I use passive ftp and have my ftp >> servers set to use a port range of 4-40500 for passive ftp. So I >> really would need just 21,4-40500 to be load balanced >> >> From reading the pf FAQ http://www.openbsd.org/faq/pf/pools.html it >> appears that pf supports multiple ports in a load balancing rdr. >> >> So here are the questions >> >> 1. Am I correct, can this actually be done with freebsd's pf. >> 2. Is there some way I can set multiple ports for the incoming load >> balanced ftp service (perhaps bypassing the web interface) >> >> It appears that pfsense uses the default round-robin policy >> (/var/etc/sldb.conf has an entry for it) but I'm curious whether the >> sticky-address option is set, as this would be necessary. >> >> Thanks >> >> -- >> Daniel Leaberry >> IT Manager >> iArchives >> Tel: 801-224-4015 x228 >> Cell: 801-376-6411 >> Email: [EMAIL PROTECTED] >> >> >>
Re: [pfSense-discussion] Incoming load balancing with passive ftp
Load balancing FTP is most likely not going to work very well do to the nature of how FTP works in pfSense. Sorry! On 3/15/06, Daniel Leaberry <[EMAIL PROTECTED]> wrote: > I would like to incoming load balance ftp traffic. When I go to Services > -> Load balancer and try to create a pool or a virtual server the port > box only allows one port number. I use passive ftp and have my ftp > servers set to use a port range of 4-40500 for passive ftp. So I > really would need just 21,4-40500 to be load balanced > > From reading the pf FAQ http://www.openbsd.org/faq/pf/pools.html it > appears that pf supports multiple ports in a load balancing rdr. > > So here are the questions > > 1. Am I correct, can this actually be done with freebsd's pf. > 2. Is there some way I can set multiple ports for the incoming load > balanced ftp service (perhaps bypassing the web interface) > > It appears that pfsense uses the default round-robin policy > (/var/etc/sldb.conf has an entry for it) but I'm curious whether the > sticky-address option is set, as this would be necessary. > > Thanks > > -- > Daniel Leaberry > IT Manager > iArchives > Tel: 801-224-4015 x228 > Cell: 801-376-6411 > Email: [EMAIL PROTECTED] > >
[pfSense-discussion] Incoming load balancing with passive ftp
I would like to incoming load balance ftp traffic. When I go to Services -> Load balancer and try to create a pool or a virtual server the port box only allows one port number. I use passive ftp and have my ftp servers set to use a port range of 4-40500 for passive ftp. So I really would need just 21,4-40500 to be load balanced >From reading the pf FAQ http://www.openbsd.org/faq/pf/pools.html it appears that pf supports multiple ports in a load balancing rdr. So here are the questions 1. Am I correct, can this actually be done with freebsd's pf. 2. Is there some way I can set multiple ports for the incoming load balanced ftp service (perhaps bypassing the web interface) It appears that pfsense uses the default round-robin policy (/var/etc/sldb.conf has an entry for it) but I'm curious whether the sticky-address option is set, as this would be necessary. Thanks -- Daniel Leaberry IT Manager iArchives Tel: 801-224-4015 x228 Cell: 801-376-6411 Email: [EMAIL PROTECTED]
RE: [pfSense-discussion] throughput - cpu, bus
Chipset ? I'm not sure tbh, its an abit board I purchased 4-5 years ago. The source is on a HP Netserver LH3000 (2 x P3 866Mhz, 2.25Gb RAM) with dual 64 bit PCI bus. 3 x Intel Pro MT1000 gig nics (64bit). The disk subsystem is 2 x megaraid scsi/sata controllers, with scsi3 and sata raid 5 arrays. I doubt the bottle neck is there. Although it is running vmware 2.5.1 at the moment. The guest OS is Windows XP SP2. I guess I need to see what happens when I run straight linux on the box. The firewall is currently on an abit mb, don't know which chipset till I down the fw and take a look. This has Intel Pro MT1000 gig nics (64bit) too although only 32bits are being used. The destination machine is a nforce2 mb with an athlon xp1700 with 1Gb RAM and ATA133 seagate 7200rpm drive running XP SP2. Here there is a 3com 996B Now somewhere in there is the culprit for slowing things down. I have been using ftp get on large files to do the measuring: Is there a better method ? Thanks -Original Message- From: Greg Hennessy [mailto:[EMAIL PROTECTED] Sent: 15 March 2006 10:45 To: discussion@pfsense.com Subject: RE: [pfSense-discussion] throughput - cpu, bus > guys, > 2.2MBs, 2.2 megabytes per second (120) > 7MBs, 7 megabytes pers second (athlon) Are the Athlon figures on a Via chipset motherboard ? Some of the early Via athlon chipsets had pretty lousy PCI performance. You could try tweaking the PCI latency timers in the bios to give the em card more time on the bus. This may improve throughput slightly. On a bge plugged into a nforce2 board, I can iperf ~800 read/ ~600 write through it. Greg
RE: [pfSense-discussion] throughput - cpu, bus
> guys, > 2.2MBs, 2.2 megabytes per second (120) > 7MBs, 7 megabytes pers second (athlon) Are the Athlon figures on a Via chipset motherboard ? Some of the early Via athlon chipsets had pretty lousy PCI performance. You could try tweaking the PCI latency timers in the bios to give the em card more time on the bus. This may improve throughput slightly. On a bge plugged into a nforce2 board, I can iperf ~800 read/ ~600 write through it. Greg
RE: [pfSense-discussion] throughput - cpu, bus
> HP DL380G3 w/ Broadcom and Intel NICs. I also ran an iperf > test, but ran out of physical boxes to generate and receive > the load at around 900Mbit That's around the same figure I managed to generate with iperf here while testing 12 months ago. >(I did determine the maximum > xmit/receive rate of a Sun v120 running Solaris 8 though ;) ) > During the iperf tests, the cpu load was closer to 25%, but > iperf generates larger packets, so that's no huge surprise > and why Avalanche is a much closer to real life test. Quite. Rather hard to fill a state table with iperf. > > Putting in a DL-385 for the same client, on 6.x/PF with 4 * em to > > firewall off a large network backup environment. > > I should have some pretty symon pictures soon. > > Very interested in results from a high throughput > environment. I can pass on the symon graphic goodness for my handrolled 6.x/pf build on a dl-385 if you're interested, should have some meaningful stats soon. Shame the 802.3ad/lacp code from NetBSD hasn't been ported over yet, I could make use of it in this design. > We're a large > company and pfSense doesn't meet our internal audit > requirements just yet - that's on my todo list (multi-user, > change logs, etc). Give it time :-), its all good. greg
