On Thu, Jul 30, 2009 at 4:25 PM, Evgeny Yurchenko < evgeny.yurche...@frontline.ca> wrote:
> > My traffic spike is between em and bge interfaces... I have another box > with two bge interfaces with load peaking at 250Mb/s and packets 24kpps and > there I have cpu-bandwidth relation. > If you do not mind you can send my your config, but I doubt that there is a > problem at this high level. What about interrupt numbers? Two nics use > different interrupts, right? > > Eugene. > > This is my config, aliases and most rules removed.
<?xml version="1.0"?>
<!-- pfSense config.xml as posted to the list. The poster states that aliases and
     most rules were removed; public addresses appear as x.x.x / y.y.y / z.z.z / s.s.s
     placeholders. The plain-text lines inside the document ("... rules removed.",
     "aliases removed") are the poster's own markers, so the listing is not
     well-formed XML as it stands. -->
<pfsense>
  <version>3.0</version>
  <lastchange/>
  <theme>nervecenter</theme>
  <system>
    <optimization>normal</optimization>
    <hostname>pfsense</hostname>
    <domain>local</domain>
    <username>admin</username>
    <!-- "somepass" looks like a stand-in typed by the poster. This element holds the
         admin credential material in a real config.xml (presumably a password hash,
         confirm for this version), so it is one of the fields to scrub before a
         config is shared. -->
    <password>somepass</password>
    <timezone>Asia/Jerusalem</timezone>
    <time-update-interval/>
    <timeservers>0.pfsense.pool.ntp.org</timeservers>
    <!-- Web GUI is set to plain HTTP and no certificate or private key is configured,
         so admin logins to the GUI are not protected by TLS. -->
    <webgui>
      <protocol>http</protocol>
      <certificate/>
      <private-key/>
      <port/>
    </webgui>
    <disablenatreflection>yes</disablenatreflection>
    <!-- sshd is switched on below while authorizedkeys is empty; SSH access therefore
         presumably relies on the admin password rather than keys (confirm). -->
    <ssh>
      <authorizedkeys/>
      <port/>
    </ssh>
    <enablesshd>yes</enablesshd>
    <!-- State table limit raised to one million entries. -->
    <maximumstates>1000000</maximumstates>
    <shapertype/>
    <dnsserver>208.67.220.220</dnsserver>
    <dnsserver>208.67.222.222</dnsserver>
    <dnsallowoverride/>
  </system>
  <interfaces>
    <lan>
      <if>bce0</if>
      <ipaddr>192.168.0.249</ipaddr>
      <subnet>24</subnet>
      <media/>
      <mediaopt/>
      <bandwidth>100</bandwidth>
      <bandwidthtype>Mb</bandwidthtype>
    </lan>
    <wan>
      <if>em0</if>
      <mtu/>
      <media/>
      <mediaopt/>
      <bandwidth>100</bandwidth>
      <bandwidthtype>Mb</bandwidthtype>
      <spoofmac/>
      <disableftpproxy/>
      <ipaddr>x.x.x.104</ipaddr>
      <subnet>28</subnet>
      <gateway>x.x.x.97</gateway>
      <!-- Empty elements here act as presence flags: blockpriv and blockbogons being
           present presumably means the WAN "block private networks" and "block bogon
           networks" options are on. -->
      <blockpriv/>
      <blockbogons/>
    </wan>
    <opt1>
      <if>em1</if>
      <descr>OPTICAL</descr>
      <bridge/>
      <enable/>
      <ipaddr>y.y.y.25</ipaddr>
      <subnet>29</subnet>
      <gateway/>
      <spoofmac/>
      <mtu/>
    </opt1>
    <!-- opt2 is assigned to bce1 but has no <enable/> and no address. -->
    <opt2>
      <if>bce1</if>
      <descr>OPT2</descr>
    </opt2>
  </interfaces>
  <staticroutes>
    <route>
      <interface>opt1</interface>
      <network>z.z.z.160/27</network>
      <gateway>y.y.y.26</gateway>
      <descr/>
    </route>
  </staticroutes>
  <pppoe>
    <username/>
    <password/>
    <provider/>
  </pppoe>
  <pptp>
    <username/>
    <password/>
    <local/>
    <subnet/>
    <remote/>
  </pptp>
  <bigpond>
    <username/>
    <password/>
    <authserver/>
    <authdomain/>
    <minheartbeatinterval/>
  </bigpond>
  <dyndns>
    <type>dyndns</type>
    <username/>
    <password/>
    <host/>
    <mx/>
  </dyndns>
  <dhcpd>
    <!-- NOTE(review): the range is in 192.168.1.x while the LAN interface above is
         192.168.0.249/24. No <enable/> appears under <lan>, so the DHCP server is
         presumably off and this is a leftover default. -->
    <lan>
      <range>
        <from>192.168.1.10</from>
        <to>192.168.1.245</to>
      </range>
      <defaultleasetime/>
      <maxleasetime/>
      <netmask/>
      <failover_peerip/>
      <gateway/>
      <ddnsdomain/>
      <next-server/>
      <filename/>
    </lan>
  </dhcpd>
  <pptpd>
    <mode/>
    <redir/>
    <localip/>
    <remoteip/>
  </pptpd>
  <ovpn/>
  <dnsmasq>
    <enable/>
  </dnsmasq>
  <!-- "public" is the well-known default read-only community string. No <enable/> is
       shown under <snmpd>, so the agent is presumably off; if SNMP is ever enabled,
       set a non-default community and limit which hosts may query it. -->
  <snmpd>
    <syslocation/>
    <syscontact/>
    <rocommunity>public</rocommunity>
  </snmpd>
  <diag>
    <ipv6nat/>
  </diag>
  <bridge/>
  <!-- Logs are forwarded to a remote syslog host (address redacted by the poster).
       nologdefaultblock is present: presumably packets dropped by the default block
       rule are not logged, which removes those drops from the remote log as well
       (confirm this is intended). -->
  <syslog>
    <nentries>50</nentries>
    <filter/>
    <system/>
    <dhcp/>
    <remoteserver>s.s.s.129</remoteserver>
    <enable/>
    <nologdefaultblock/>
  </syslog>
  <nat>
    <ipsecpassthru/>
    <!-- Advanced (manual) outbound NAT is flagged on; no outbound rules are included
         in the post. -->
    <advancedoutbound>
      <enable/>
    </advancedoutbound>
  </nat>
  <filter>
    <!-- WAN: TCP from any source to the Squids_VIP alias on port 80. The alias
         definition is among the parts the poster removed. -->
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <max-src-nodes/>
      <max-src-states/>
      <statetimeout/>
      <statetype>keep state</statetype>
      <os/>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>Squids_VIP</address>
        <port>80</port>
      </destination>
      <descr>Allow http to squids.</descr>
    </rule>
some "wan" rules removed.
    <!-- opt1: traffic from the opt1 network to the opt1 network, any protocol. -->
    <rule>
      <type>pass</type>
      <interface>opt1</interface>
      <max-src-nodes/>
      <max-src-states/>
      <statetimeout/>
      <statetype>keep state</statetype>
      <os/>
      <source>
        <network>opt1</network>
      </source>
      <destination>
        <network>opt1</network>
      </destination>
      <descr/>
    </rule>
    <!-- opt1: TCP from any source to any destination, with no port restriction and
         an empty description. This is the broadest rule in the post; whether it is
         appropriate depends on what is reachable through the OPTICAL interface,
         which the post does not show. -->
    <rule>
      <type>pass</type>
      <interface>opt1</interface>
      <max-src-nodes/>
      <max-src-states/>
      <statetimeout/>
      <statetype>keep state</statetype>
      <os/>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <any/>
      </destination>
      <descr/>
    </rule>
some "opt1" rules removed.
    <!-- LAN: everything from the LAN network to any destination. -->
    <rule>
      <type>pass</type>
      <descr>Default LAN -> any</descr>
      <interface>lan</interface>
      <source>
        <network>lan</network>
      </source>
      <destination>
        <any/>
      </destination>
    </rule>
  </filter>
  <shaper/>
  <ipsec>
    <preferredoldsa/>
  </ipsec>
aliases removed
  <proxyarp/>
  <!-- Every job below runs as root. checkreload.sh, ping_hosts.sh and reset_slbd.sh
       are invoked by path; their contents are not part of the post. The minute
       fields */60 and */140 use a step larger than the 0 to 59 minute range. -->
  <cron>
    <item>
      <minute>0</minute>
      <hour>*</hour>
      <mday>*</mday>
      <month>*</month>
      <wday>*</wday>
      <who>root</who>
      <command>/usr/bin/nice -n20 newsyslog</command>
    </item>
    <item>
      <minute>1,31</minute>
      <hour>0-5</hour>
      <mday>*</mday>
      <month>*</month>
      <wday>*</wday>
      <who>root</who>
      <command>/usr/bin/nice -n20 adjkerntz -a</command>
    </item>
    <item>
      <minute>1</minute>
      <hour>3</hour>
      <mday>1</mday>
      <month>*</month>
      <wday>*</wday>
      <who>root</who>
      <command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
    </item>
    <item>
      <minute>*/60</minute>
      <hour>*</hour>
      <mday>*</mday>
      <month>*</month>
      <wday>*</wday>
      <who>root</who>
      <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
    </item>
    <item>
      <minute>1</minute>
      <hour>1</hour>
      <mday>*</mday>
      <month>*</month>
      <wday>*</wday>
      <who>root</who>
      <command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
    </item>
    <item>
      <minute>*/60</minute>
      <hour>*</hour>
      <mday>*</mday>
      <month>*</month>
      <wday>*</wday>
      <who>root</who>
      <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
    </item>
    <item>
      <minute>*/60</minute>
      <hour>*</hour>
      <mday>*</mday>
      <month>*</month>
      <wday>*</wday>
      <who>root</who>
      <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c</command>
    </item>
    <item>
      <minute>*/5</minute>
      <hour>*</hour>
      <mday>*</mday>
      <month>*</month>
      <wday>*</wday>
      <who>root</who>
      <command>/usr/local/bin/checkreload.sh</command>
    </item>
    <item>
      <minute>*/5</minute>
      <hour>*</hour>
      <mday>*</mday>
      <month>*</month>
      <wday>*</wday>
      <who>root</who>
      <command>/etc/ping_hosts.sh</command>
    </item>
    <item>
      <minute>*/140</minute>
      <hour>*</hour>
      <mday>*</mday>
      <month>*</month>
      <wday>*</wday>
      <who>root</who>
      <command>/usr/local/sbin/reset_slbd.sh</command>
    </item>
  </cron>
  <wol/>
  <installedpackages>
    <!-- miniupnpd package settings, all empty. Package options are stored as values,
         so an empty <enable/> here presumably means UPnP is not switched on
         (TODO confirm against the package's own settings page). -->
    <miniupnpd>
      <config>
        <enable/>
        <iface_array/>
        <download/>
        <upload/>
        <overridewanip/>
        <logpackets/>
        <sysuptime/>
        <permdefault/>
        <permuser1/>
        <permuser2/>
        <permuser3/>
        <permuser4/>
      </config>
    </miniupnpd>
  </installedpackages>
  <!-- Last recorded change: the page that wrote it and what looks like a Unix
       timestamp. -->
  <revision>
    <description>/vpn_ipsec.php made unknown change</description>
    <time>1246365396</time>
  </revision>
  <rrd>
    <enable/>
  </rrd>
</pfsense>
Lenny.