On Feb 13, 2008 11:08 AM, Ted Unangst [EMAIL PROTECTED] wrote:
On 2/12/08, Darren Spiteri [EMAIL PROTECTED] wrote:
This is irrelevant on a firewall/router.
Sorry, you are wrong. I can achieve much higher throughput per
connected state by tweaking recvspace and sendspace.
then your
On Feb 13, 2008 1:40 AM, Stuart Henderson [EMAIL PROTECTED] wrote:
On 2008/02/13 01:04, Darren Spiteri wrote:
Try tweaking this sysctl: net.inet.tcp.recvspc
Give it sysctl -w net.inet.tcp.recvspace=262144 and run your tests.
Tweak it down from there.
This is irrelevant on a
Darren Spiteri ??:
On Feb 13, 2008 11:08 AM, Ted Unangst [EMAIL PROTECTED] wrote:
On 2/12/08, Darren Spiteri [EMAIL PROTECTED] wrote:
This is irrelevant on a firewall/router.
Sorry, you are wrong. I can achieve much higher throughput per
connected state by tweaking
Ted Unangst ha scritto:
On 2/12/08, Darren Spiteri [EMAIL PROTECTED] wrote:
I don't know why or how this poorly documented sysctl works, but the
result speaks for itself. Note the dramatic throughput increase of the
parent.
running netperf on a firewall is a poor test of forwarding
On Feb 12, 2008 9:47 PM, Darren Spiteri [EMAIL PROTECTED] wrote:
On Feb 13, 2008 1:36 PM, David Higgs [EMAIL PROTECTED] wrote:
What's your definition of network performance?
What's your delineation between a firewall and a router?
I believe Ted's point is that receiving and sending
On Feb 13, 2008 1:36 PM, David Higgs [EMAIL PROTECTED] wrote:
What's your definition of network performance?
What's your delineation between a firewall and a router?
I believe Ted's point is that receiving and sending packets (i.e.
using it as an endpoint) is the job of a server, not a
On Feb 13, 2008 2:12 PM, bofh [EMAIL PROTECTED] wrote:
On Feb 12, 2008 9:47 PM, Darren Spiteri [EMAIL PROTECTED] wrote:
Firewalls that have proxy software operate as both client and server.
This is now going into the silly place. David Higgs told you what is the
definition of network
On Feb 12, 2008 11:21 PM, Darren Spiteri [EMAIL PROTECTED] wrote:
Now we're just getting into semantics. It is not uncommon for a
firewall to operate on layer 7, even with OpenBSD, considering that an
essential component of PF is ftp-proxy. What you call a firewall I
call a screen-router.
On Feb 13, 2008 2:28 PM, David Higgs [EMAIL PROTECTED] wrote:
Unless I'm massively wrong about what net.inet.tcp.* is used for, this
indicates that the parent was NOT testing throughput as one would
typically define it for a router/firewall. He was testing his box's
ability to send and
On Feb 12, 2008 9:44 PM, Darren Spiteri [EMAIL PROTECTED] wrote:
On Feb 13, 2008 11:47 AM, NetOne - Doichin Dokov [EMAIL PROTECTED] wrote:
Could we have a look at those numbers, in fact?
From the parent:
In the next step I increased the value for net.inet.tcp.recvspace and
On Feb 12, 2008 8:37 PM, raven [EMAIL PROTECTED] wrote:
Ted Unangst ha scritto:
On 2/12/08, Darren Spiteri [EMAIL PROTECTED] wrote:
I don't know why or how this poorly documented sysctl works, but the
result speaks for itself. Note the dramatic throughput increase of the
parent.
I don't agree, considering that OpenBSD firewalls often run ftp-proxy
and other layer 7 relays such as hoststated and squid. You may be
right that this is a red-herring in the qualified bare-bones router
config, but it answered the parent poster's question.
On Feb 13, 2008 11:45 AM, Ted Unangst
On 2/12/08, Darren Spiteri [EMAIL PROTECTED] wrote:
I don't know why or how this poorly documented sysctl works, but the
result speaks for itself. Note the dramatic throughput increase of the
parent.
running netperf on a firewall is a poor test of forwarding performance.
On 2008/02/13 01:04, Darren Spiteri wrote:
Try tweaking this sysctl: net.inet.tcp.recvspc
Give it sysctl -w net.inet.tcp.recvspace=262144 and run your tests.
Tweak it down from there.
This is irrelevant on a firewall/router.
I have been using openbsd as router and firewall for several
14 matches
Mail list logo
