Send a flood of 60-byte SYN packets with the TCP SACK option through it and check out what happens. It's pretty weird and I can't explain why. If you block the packets on the box via ipfw it's fine; the second it has to make a routing decision everything goes out the window, it seems. There's 100% packet loss on all protocols. I'm not using NAT; there are real IPs in different C classes on the other side of the box.


Freddie Cash wrote:
On Thursday 15 February 2007 11:43 am, Justin Robertson wrote:
  Playing with these sysctl values made 0 difference - what's supposed
to happen???

  Another scary discovery - if you've got 6.2 set up to route, even with
static routes, 1Mbps of TCP SYN traffic will cause it to start dropping
packets in every direction. Awesome. Methinks I'll be using 4.11 for a
while. ;P

How are you measuring that?

We have a dual-Opteron 2 GHz box with 4 GB RAM that handles routing for 7 fibre-connected sites (1 Gbps fibre links but limited by the firewalls at the sites to 100 Mbps) and connects to the Internet via a 1 Gbps link.

All the routing on this box is handled via static routes, and we get a sustained 10 Mbps of traffic through the box. Nobody's complained about their access (which isn't surprising since we upgraded their Internet connections from a 2 Mbps shared cable connection to a dedicated 1 Gbps fibre link).

FreeBSD 6.1-p11, about 100 ipfw rules, doing NAT for 4 servers, using 2x bge(4) devices and 1x fxp(4) device.



--
Justin



_______________________________________________
freebsd-performance@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
