Re: pfsync bulk transfer performance

2011-05-05 Thread David Gwynne
On 05/05/2011, at 10:27 PM, Kapetanakis Giannis wrote: > On 05/05/11 13:37, David Gwynne wrote: >> i do this on my firewalls sometimes: >> >> root@passive ~# ssh master pfctl -S /dev/stdout | pfctl -L /dev/stdin >> >> its a bit faster... >> >> dlg > > > I've tried your trick and it took just a sec

Re: pfsync bulk transfer performance

2011-05-05 Thread Kapetanakis Giannis
On 05/05/11 13:37, David Gwynne wrote: > when doing a bulk update pfsync only generates 100 packets a second. each packet will be filled with as many full state update messages as possible. > > unfortunately the full state update message is about 264 bytes so you can only fit 5 in a packet. that me

Re: pfsync bulk transfer performance

2011-05-05 Thread David Gwynne
when doing a bulk update pfsync only generates 100 packets a second. each packet will be filled with as many full state update messages as possible. unfortunately the full state update message is about 264 bytes so you can only fit 5 in a packet. that means 5 * 100 or 500 messages a second, which

Re: pfsync bulk transfer performance

2011-05-05 Thread Tom Murphy
Kapetanakis Giannis wrote: > Hi, > > I'd like to ask if it's normal for pfsync bulk transfer to take 5-15 > minutes to end for 60k states. > > pfsync is on a dedicated gigabit interface on both firewalls. I've seen this too. On a pair of 4.9-release firewalls. If I reboot the master, it can take u

Re: pfsync bulk transfer performance

2011-05-04 Thread Kapetanakis Giannis
On 04/05/11 18:40, Otto Moerbeek wrote: > Op 4 mei 2011 om 17:23 heeft Kapetanakis Giannis het volgende geschreven: > >> Hi, >> >> I'd like to ask if it's normal for pfsync bulk transfer to take 5-15 >> minutes to end for 60k states. >> > This is probably the first attempt failing because the inter

Re: pfsync bulk transfer performance

2011-05-04 Thread Otto Moerbeek
Op 4 mei 2011 om 17:23 heeft Kapetanakis Giannis het volgende geschreven: > Hi, > > I'd like to ask if it's normal for pfsync bulk transfer to take 5-15 > minutes to end for 60k states. > > pfsync is on a dedicated gigabit interface on both firewalls. > > May 4 17:59:35 fw1 /bsd: carp: pfsync0 d

pfsync bulk transfer performance

2011-05-04 Thread Kapetanakis Giannis
Hi, I'd like to ask if it's normal for pfsync bulk transfer to take 5-15 minutes to end for 60k states. pfsync is on a dedicated gigabit interface on both firewalls. May 4 17:59:35 fw1 /bsd: carp: pfsync0 demoted group carp by 1 to 131 (pfsync bulk start) May 4 17:59:35 fw1 /bsd: carp: pfsync0