Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0
Hello, here is the output from top -S : last pid: 1570; load averages: 0.56, 0.20, 0.10 up 0+02:59:36 14:03:53 76 processes: 4 running, 47 sleeping, 2 stopped, 23 waiting CPU states: 14.9% user, 0.0% nice, 57.4% system, 27.7% interrupt, 0.0% idle Mem: 17M Active, 6084K Inact, 14M Wired, 11M Buf, 17M Free Swap: 500M Total, 500M Free PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 11 root1 171 52 0K 8K RUN173:00 39.55% idle 1414 root1 1150 1432K 908K RUN 0:22 39.36% natd 22 root1 -68 -187 0K 8K WAIT 1:07 10.40% irq11: xl1 21 root1 -68 -187 0K 8K WAIT 0:30 3.32% irq10: xl0 27 root1 -44 -163 0K 8K WAIT 1:39 2.39% swi1: net 30 root1 -160 0K 8K -0:07 0.05% yarrow 28 root1 -32 -151 0K 8K RUN 0:30 0.00% swi4: clock sio 540 plk 1 960 2140K 1844K select 0:03 0.00% screen 39 root1 171 52 0K 8K pgzero 0:02 0.00% pagezero 550 root1 200 4460K 2956K pause0:02 0.00% tcsh 47 root1 -160 0K 8K -0:01 0.00% schedcpu 1062 plk 1 960 6076K 3140K select 0:01 0.00% sshd 2 root1 -80 0K 8K -0:01 0.00% g_event 4 root1 -80 0K 8K -0:01 0.00% g_down 3 root1 -80 0K 8K -0:01 0.00% g_up 447 root1 960 3396K 2684K select 0:01 0.00% sendmail 1050 root1 50 4440K 2928K ttyin0:01 0.00% tcsh 1342 root1 960 2336K 1616K RUN 0:01 0.00% top 41 root1 200 0K 8K syncer 0:01 0.00% syncer 327 root1 960 1328K 904K select 0:00 0.00% syslogd 1059 root1 40 6100K 3128K sbwait 0:00 0.00% sshd 42 root1 -40 0K 8K vlruwt 0:00 0.00% vnlru 40 root1 -160 0K 8K psleep 0:00 0.00% bufdaemon 463 root1 80 1312K 1032K nanslp 0:00 0.00% cron 7 root1 -80 0K 8K -0:00 0.00% fdc0 670 plk 1 200 4092K 2692K pause0:00 0.00% tcsh 1357 root1 960 3436K 2304K STOP 0:00 0.00% joe 546 plk 1 200 4092K 2692K pause0:00 0.00% tcsh 542 plk 1 50 3996K 2576K ttyin0:00 0.00% tcsh 1063 plk 1 200 3984K 2604K pause0:00 0.00% tcsh 1067 plk 1 200 1928K 1556K pause0:00 0.00% screen 25 root1 -64 -183 0K 8K WAIT 0:00 0.00% irq14: ata0 I did try to enable DEVICE_POLLING also, but this didn't help. The CPU load decreased, but the throughput decreased from 24Mbps to 18Mbps also. I've commented out #options MROUTING #options IPFIREWALL_FORWARD #options IPFIREWALL_FORWARD_EXTENDED #options IPSTEALTH #options TCPDEBUG #options IPSEC_DEBUG #options IPSEC #options IPSEC_ESP (it's not necessary for me in this time), but it has no impact to this problem. The throughput is still low. I've tried PF, suggested by Martin Hudec and it seems that PF does not have this performance problem. I like IPFW, I use it since year 1999, but probably is time to switch to PF. Thanks all for their reply. Regards, Bohus On Mon, Mar 20, 2006 at 12:44:09PM -0500, Kris Kennaway wrote: On Mon, Mar 20, 2006 at 02:10:20PM +0100, Bohuslav Plucinsky wrote: The top utility shows 100% CPU load: What about top -S to show the kernel threads (since that's what's using 90% of your CPU)? last pid: 771; load averages: 0.25, 0.06, 0.02 up 0+00:24:30 14:08:32 27 processes: 2 running, 25 sleeping CPU states: 8.8% user, 0.0% nice, 59.6% system, 31.6% interrupt, 0.0% idle Mem: 16M Active, 4752K Inact, 11M Wired, 8144K Buf, 22M Free Swap: 500M Total, 500M Free PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 229 root1 1050 1428K 904K RUN 0:35 40.82% natd options MROUTING# Multicast routing Do you actually use this? options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #print information about dropped packets options IPFIREWALL_FORWARD #enable transparent proxy support options IPFIREWALL_FORWARD_EXTENDED #all packet dest changes options IPSTEALTH #support for stealth forwarding options IPDIVERT#divert sockets options TCPDEBUG options IPSEC_DEBUG #debug for IP security Why do you define the DEBUG settings? They'll only slow you down, but it's probably not the main reason. options DUMMYNET options
Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0
Bohuslav Plucinsky wrote: I've tried PF, suggested by Martin Hudec and it seems that PF does not have this performance problem. I like IPFW, I use it since year 1999, but probably is time to switch to PF. The impact you receive is caused by user-level 'natd'. Use 'ipnat(8)' instead as it is kernel-level, or as mentioned use 'pf(4)'. Of course use it without 'ipfw add divert' rule by saving the overall role of 'ipfw' in your firewalling. As an addition, you may use 'ipnat', 'ipfw' and 'pf' and seems even 'ipf' together the same time (with some precautions, try to find the information on it, I know it was there). Just using needed specific features of each of them where it is needed. Try it. Use it. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Low network performance after upgrade from FreeBSD 4.8 to 6.0
Hello, I use the FreeBSD box as the firewall with NAT (ipfw + natd). When I've upgraded the box from 4.8-20030810-STABLE to 6.0-RELEASE I've noticed a performance degradation. I've only one workstation behind the firewall and throughput of downloading an ISO image through the firewall with 6.0-RELEASE booted, is only 24Mbps. (When I reboot the machine with 4.8-20030810-STABLE installation, the throughput is 80Mbps). The firewall_type was open during the download: # ipfw show 00050 105842 106637407 divert 8668 ip from any to any via xl0 00100 0 0 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 65000 211701 213100988 allow ip from any to any 65535 11 665 deny ip from any to any The top utility shows 100% CPU load: - last pid: 771; load averages: 0.25, 0.06, 0.02 up 0+00:24:30 14:08:32 27 processes: 2 running, 25 sleeping CPU states: 8.8% user, 0.0% nice, 59.6% system, 31.6% interrupt, 0.0% idle Mem: 16M Active, 4752K Inact, 11M Wired, 8144K Buf, 22M Free Swap: 500M Total, 500M Free PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 229 root1 1050 1428K 904K RUN 0:35 40.82% natd 680 plk 1 960 6076K 3112K select 0:01 0.00% sshd 688 plk 1 960 2100K 1804K select 0:01 0.00% screen 739 root1 200 4420K 2868K pause0:00 0.00% tcsh 760 root1 50 4416K 2856K ttyin0:00 0.00% tcsh 694 plk 1 200 4416K 2856K pause0:00 0.00% tcsh 478 root1 960 1328K 904K select 0:00 0.00% syslogd 677 root1 40 6100K 3100K sbwait 0:00 0.00% sshd 690 plk 1 200 4916K 3504K pause0:00 0.00% tcsh 681 plk 1 200 3984K 2584K pause0:00 0.00% tcsh 767 plk 1 200 4088K 2688K pause0:00 0.00% tcsh 598 root1 960 3416K 2692K select 0:00 0.00% sendmail 751 root1 50 1632K 1320K ttyin0:00 0.00% less 771 plk 1 960 2268K 1544K RUN 0:00 0.00% top 685 plk 1 200 1928K 1512K pause0:00 0.00% screen 614 root1 80 1312K 1032K nanslp 0:00 0.00% cron 668 root1 50 1264K 936K ttyin0:00 0.00% getty 665 root1 50 1264K 936K ttyin0:00 0.00% getty 671 root1 50 1264K 936K ttyin0:00 0.00% getty 664 root1 50 1264K 936K ttyin0:00 0.00% getty 667 root1 50 1264K 936K ttyin0:00 0.00% getty 666 root1 50 1264K 936K ttyin0:00 0.00% getty 669 root1 50 1264K 936K ttyin0:00 0.00% getty 670 root1 50 1264K 936K ttyin0:00 0.00% getty 592 root1 960 3352K 2500K select 0:00 0.00% sshd 602 smmsp 1 200 3296K 2724K pause0:00 0.00% sendmail 449 root1 1110 500K 352K select 0:00 0.00% devd The HW is: -- CPU: Pentium II Celeron 400MHz RAM: 64MB NIC: 2x 3Com905B Kernel config: -- machine i386 cpu I586_CPU cpu I686_CPU ident FW maxusers64 makeoptions DEBUG=-g# Build kernel with gdb(1) debug symbols options HZ=100 options SCHED_4BSD # 4BSD scheduler options INET# InterNETworking options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists options UFS_DIRHASH # Improve performance on big directories options NFSCLIENT # Network Filesystem Client options NFSSERVER # Network Filesystem Server options NFS_ROOT# NFS usable as /, requires NFSCLIENT options MSDOSFS # MSDOS Filesystem options CD9660 # ISO 9660 Filesystem options PROCFS # Process filesystem (requires PSEUDOFS) options PSEUDOFS# Pseudo-filesystem framework options GEOM_GPT# GUID Partition Tables. options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!] options COMPAT_FREEBSD4 # Compatible with FreeBSD4 options COMPAT_FREEBSD5 # Compatible with FreeBSD5 options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI options KTRACE # ktrace(1) support options SYSVSHM # SYSV-style shared memory options SYSVMSG # SYSV-style message queues options SYSVSEM
Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0
- Original Message - From: Bohuslav Plucinsky [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Cc: freebsd-net@freebsd.org Sent: Monday, March 20, 2006 2:10 PM Subject: Low network performance after upgrade from FreeBSD 4.8 to 6.0 Hello, I use the FreeBSD box as the firewall with NAT (ipfw + natd). When I've upgraded the box from 4.8-20030810-STABLE to 6.0-RELEASE I've noticed a performance degradation. I've only one workstation behind the firewall and throughput of downloading an ISO image through the firewall with 6.0-RELEASE booted, is only 24Mbps. (When I reboot the machine with 4.8-20030810-STABLE installation, the throughput is 80Mbps). The firewall_type was open during the download: PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 229 root1 1050 1428K 904K RUN 0:35 40.82% natd options HZ=100 Can somebody advise me, if this is some configuration problem or the requirement of FreeBSD 6.0 kernel has been increased and HW of my firewall is not enough? HZ=100 is not a good idea.. i set it to 1000 before and i had no idle CPU try to set it to 2000 echo 'kern.hz=2000' /boot/loader.conf Thanks, Bohus Plucinsky ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0
Hello, Bohuslav Plucinsky wrote: I use the FreeBSD box as the firewall with NAT (ipfw + natd). When I've upgraded the box from 4.8-20030810-STABLE to 6.0-RELEASE I've noticed a performance degradation. CPU states: 8.8% user, 0.0% nice, 59.6% system, 31.6% interrupt, 0.0% idle PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 229 root1 1050 1428K 904K RUN 0:35 40.82% natd When I change the IP addresses on inside interface from private to public and disable NAT, the throughput is again 80Mbps. Is it possible to switch to pf (available on 6.x) and to set HZ to 1000? Also you could try to switch on polling on those 3coms? Cheers, Martin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0
On Mon, Mar 20, 2006 at 02:10:20PM +0100, Bohuslav Plucinsky wrote: The top utility shows 100% CPU load: What about top -S to show the kernel threads (since that's what's using 90% of your CPU)? last pid: 771; load averages: 0.25, 0.06, 0.02 up 0+00:24:30 14:08:32 27 processes: 2 running, 25 sleeping CPU states: 8.8% user, 0.0% nice, 59.6% system, 31.6% interrupt, 0.0% idle Mem: 16M Active, 4752K Inact, 11M Wired, 8144K Buf, 22M Free Swap: 500M Total, 500M Free PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 229 root1 1050 1428K 904K RUN 0:35 40.82% natd options MROUTING# Multicast routing Do you actually use this? options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #print information about dropped packets options IPFIREWALL_FORWARD #enable transparent proxy support options IPFIREWALL_FORWARD_EXTENDED #all packet dest changes options IPSTEALTH #support for stealth forwarding options IPDIVERT#divert sockets options TCPDEBUG options IPSEC_DEBUG #debug for IP security Why do you define the DEBUG settings? They'll only slow you down, but it's probably not the main reason. options DUMMYNET options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN options INCLUDE_CONFIG_FILE # Include this file in kernel options IPSEC #IP security options IPSEC_ESP #IP security (crypto; define w/ IPSEC) Better to use fast ipsec unless you have a need for ipv6. Kris pgpOFiYgOEIYE.pgp Description: PGP signature
Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0
On Mon, Mar 20, 2006 at 03:33:33PM +0100, OxY wrote: - Original Message - From: Bohuslav Plucinsky [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Cc: freebsd-net@freebsd.org Sent: Monday, March 20, 2006 2:10 PM Subject: Low network performance after upgrade from FreeBSD 4.8 to 6.0 Hello, I use the FreeBSD box as the firewall with NAT (ipfw + natd). When I've upgraded the box from 4.8-20030810-STABLE to 6.0-RELEASE I've noticed a performance degradation. I've only one workstation behind the firewall and throughput of downloading an ISO image through the firewall with 6.0-RELEASE booted, is only 24Mbps. (When I reboot the machine with 4.8-20030810-STABLE installation, the throughput is 80Mbps). The firewall_type was open during the download: PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 229 root1 1050 1428K 904K RUN 0:35 40.82% natd options HZ=100 Can somebody advise me, if this is some configuration problem or the requirement of FreeBSD 6.0 kernel has been increased and HW of my firewall is not enough? HZ=100 is not a good idea.. i set it to 1000 before and i had no idle CPU try to set it to 2000 echo 'kern.hz=2000' /boot/loader.conf I don't think that's a sensible idea on a 400MHz CPU. Kris pgpPP2RMeakjE.pgp Description: PGP signature