On Wed, Jul 30, 2008 at 10:03 PM, Ted Crow <[EMAIL PROTECTED]> wrote: > > I'm running 1.2-RELEASE and we recently upgraded from 10mbps DSL to a > metro fiber link and we were seeing a pretty significant performance hit > across the firewall, especially outbound. In troubleshooting this, my > provider has disabled all limiting on their end and the connection is > basically a wide open FDX 100Mbps link. This *really* made the > performance drop noticeable. > > Simple Diagram: > > ---------------- -------------- ------------ > | Fiber Switch |---| Cisco 2801 |---| Firewall |--> Multiple LANs > ---------------- -------------- ------------ > | > -------------- > | DMZ Switch |--> DMZ Hosts > -------------- > > A laptop directly connected to the fiber switch can pump >80Mbps to many > points on the Internet. Behind my router it only hits 45-60Mbps > probably because the router was never intended to be used at this speed > (before the speed was bumped to 100mbps there was no significant > performance drop). Behind the pfSense box, however, averages around > 20-25Mbps to the Internet. LAN to DMZ Hosts are around 55-60Mbps. > > The box is pretty beefy - a SuperServer 5015M-MF+B, Xeon 3040 with 1GB > DDR2 and six Intel 1Gbps ports. I'd be a little surprised if the > hardware has anything to do with it. CPU and RAM usage have never > exceeded 10%. > > I tried enabling polling but that made no difference. I've disabled the > traffic shaper and removed most of my packages to get where I am now and > I've run out of ideas. > > Anyone?
Search google for tweaking freebsd! I would start with tcp/udp buffers. Take a look with sysctl to the net.inet tree. > > Ted Crow > Information Technology Manager > Tuttle Services, Inc. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Ermal --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
