On 1/13/10 8:14 AM, Ugo Bellavance wrote: > Le 2010-01-13 09:49, Chris Buechler a écrit : >> On Wed, Jan 13, 2010 at 12:59 AM, David >> Newman<[email protected]> wrote: >>> On 1/12/10 9:51 PM, Ugo Bellavance wrote: >>>> On 2010-01-12 23:56, Chris Buechler wrote: >>>>> On Tue, Jan 12, 2010 at 11:50 PM, Ugo Bellavance<[email protected]> >>>>> wrote: >>>>>> Hi, >>>>>> >>>>>> I'm running pfsense 1.2.2 on a pentium 4, 3.0 ghz, 1 GB RAM. HDD >>>>>> install. >>>>>> >>>>>> When I start a download from a nearby centos mirror, directly from >>>>>> the >>>>>> firewall (using fetch), I get the full bandwith available from my ISP >>>>>> (60 >>>>>> mbps). However, If I try to download the same file from the same >>>>>> server, >>>>>> but from a linux server behind the firewall, using wget, I only get >>>>>> about 20 >>>>>> mbps. If I start multiple download, I can reach 60mbps. Is there an >>>>>> explanation? >>>>>> >>>>> >>>>> Probably a TCP window difference of some sort between FreeBSD and your >>>>> Linux box. >>>> >>>> How would I check that? >>> >>> Run tcpdump to capture traffic from both types of transfers (from the >>> firewall and behind the firewall). Then examine the captures to compare >>> the TCP receive window sizes during the transfers. >>> >> >> That's the best way, though maybe not the easiest to decipher if you >> aren't intricately familiar with how TCP functions. > > > ## Linux box > > net.ipv4.tcp_tso_win_divisor = 3 > net.ipv4.tcp_adv_win_scale = 2 > net.ipv4.tcp_app_win = 31 > net.ipv4.tcp_window_scaling = 1 > > net.core.rmem_default = 107520 > net.core.wmem_default = 107520 > net.core.rmem_max = 131071 > net.core.wmem_max = 131071 > > > ## pfsense box > > # sysctl -a | grep -i tcp | grep space > net.inet.tcp.sendspace: 65228 > net.inet.tcp.recvspace: 65228 > > I hope I got all the numbers, these are the default values, we didn't > change them.
I would strongly recommend against messing with TCP sysctls unless (a) you know what the actual problem is and (b) you fully understand TCP sliding windows and window scaling mechanics. TCP is a complex beast, and easily upset. Better to first isolate and understand the problem before attempting fixes. dn --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
