Re: slow download - sysctl limit ?

Fri, 21 Oct 2011 08:54:13 -0700 

really look like a sysctl limit, tcpdump give me lot of packets dropped 
by kernel.
I commented every block rule to be sure it was not a rules mistake in pf

pfctl -vnf /etc/pf.conf without tables and macro
set limit states 196608
set limit src-nodes 16384
set limit frags 8192
set limit tables 1024
set limit table-entries 131072
match out on em0 inet from <ipnat> to any nat-to X.X.X.X
pass in quick on lo0 inet6 from any to ::1 flags S/SA
pass in quick on lo0 inet6 from any to fe80::1 flags S/SA
pass out quick on lo0 inet6 from any to ::1 flags S/SA
pass out quick on lo0 inet6 from any to fe80::1 flags S/SA
pass in quick on lo0 inet from any to 127.0.0.1 flags S/SA
pass out quick on lo0 inet from any to 127.0.0.1 flags S/SA
pass in quick from <admin> to any flags S/SA
pass out quick from <admin> to any flags S/SA
pass in quick on int_if proto tcp from any port = ABCD to any flags S/SA
pass in quick on int_if proto tcp from any port = ABCE to any flags S/SA
pass in quick on int_if proto udp from any port = XYZ to any
pass in all flags S/SA
pass out all flags S/SA

tcpdump -i em1
71579 packets received by filter
70115 packets dropped by kernel

I change those sysctl value :
sysctl net.inet.tcp.recvspace=65535
sysctl net.inet.tcp.sendspace=65535
sysctl net.inet.ip.maxqueue=2048
sysctl kern.somaxconn=2048
sysctl net.bpf.bufsize=2097152
sysctl net.bpf.maxbufsize=4194304
sysctl net.inet.ip.portfirst=32768
sysctl net.inet.ip.portlast=49151
sysctl net.inet.ip.porthifirst=49152
sysctl net.inet.ip.porthilast=65535
sysctl kern.seminfo.semmni=1024
sysctl kern.seminfo.semmns=4096
sysctl kern.shminfo.shmmax=67018864
sysctl kern.shminfo.shmall=32768

The're now a lot less paquet lost but speed test is as much slow.

Any idea ?

Thanks

Michel

Le 2011-10-21 10:42, Michel Blais a icrit :
> I got a problem with snapshot (not shure if it's the last),
> download is really slow, 0.3 to 1 Mbps per customent.
> Also a lot of paquet lost beginning from the openbsd.
> The're around 800 to 1000 users on this server.
> Bandwith is not a problem but we often saw limitation in number
> of paquets be the problem on our old servers. When it's happen
> with linux, it often a ct sysctl value. I saw this too with PF on
> FreeBSD that I add to give higher value in set limit.
>
> I use the same limit value than on my FreeBSD server that have 3 x more
> traffic and users.
> set limit { states 196608, src-nodes 16384, frags 8192, tables 1024, 
> table-entries 131072 }
> so I really don't think those value are too low
>
> # pfctl -si
> Status: Enabled for 0 days 05:18:11              Debug: err
>
> State Table                          Total             Rate
>   current entries                    24986
>   searches                       112481055         5891.8/s
>   inserts                          3846438          201.5/s
>   removals                         3821452          200.2/s
> Counters
>   match                            5534959          289.9/s
>   bad-offset                             0            0.0/s
>   fragment                              26            0.0/s
>   short                               1284            0.1/s
>   normalize                            602            0.0/s
>   memory                              4228            0.2/s
>   bad-timestamp                          0            0.0/s
>   congestion                             0            0.0/s
>   ip-option                              1            0.0/s
>   proto-cksum                            0            0.0/s
>   state-mismatch                     20446            1.1/s
>   state-insert                          24            0.0/s
>   state-limit                            0            0.0/s
>   src-limit                              0            0.0/s
>   synproxy                               0            0.0/s
>
> no queue and I don't see any error in dmesg or in the log. CPU load is 
> between 4 to 8% load checking with systat, 1920704 active memory free. 
> Interrupts total from 6 to 7k.
>
> Is there a sysctl that could block too much connexion ? I looked at 
> the inet list 1 by 1 but didn't find anything for now. Any other idea ?
>
> Michel
>
> DMESG :
>
> arpresolve: 10.8.1.4 <http://10.8.1.4>: route without link local 
> address (This one come often and also see somethime 10.8.1.26)
> syncing disks... done
> r
> OpenBSD 5.0-current (GENERIC.MP <http://GENERIC.MP>) #70: Mon Sep 12 
> 02:07:20 MDT 2011
>     
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP 
> <http://GENERIC.MP>
> real mem = 2135490560 (2036MB)
> avail mem = 2064576512 (1968MB)
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9f800 (22 entries)
> bios0: vendor American Megatrends Inc. version "080016" date 03/04/2011
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S1 S4 S5
> acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI SSDT
> acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) 
> USB2(S4) USB3(S4) EUSB(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) 
> P0P8(S4) P0P9(S4) SLPB(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1500.18 MHz
> cpu0: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG
> cpu0: 512KB 64b/line 8-way L2 cache
> cpu0: apic clock running at 166MHz
> cpu1 at mainbus0: apid 2 (application processor)
> cpu1: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1499.99 MHz
> cpu1: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG
> cpu1: 512KB 64b/line 8-way L2 cache
> cpu2 at mainbus0: apid 1 (application processor)
> cpu2: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1499.99 MHz
> cpu2: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG
> cpu2: 512KB 64b/line 8-way L2 cache
> cpu3 at mainbus0: apid 3 (application processor)
> cpu3: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1499.99 MHz
> cpu3: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG
> cpu3: 512KB 64b/line 8-way L2 cache
> ioapic0 at mainbus0: apid 4 pa 0xfec00000, version 20, 24 pins
> ioapic0: misconfigured as apic 1, remapped to apid 4
> acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
> acpihpet0 at acpi0: 14318179 Hz
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 5 (P0P1)
> acpiprt2 at acpi0: bus 1 (P0P4)
> acpiprt3 at acpi0: bus 2 (P0P5)
> acpiprt4 at acpi0: bus 3 (P0P6)
> acpiprt5 at acpi0: bus 4 (P0P7)
> acpiprt6 at acpi0: bus -1 (P0P8)
> acpiprt7 at acpi0: bus -1 (P0P9)
> acpicpu0 at acpi0: PSS
> acpicpu1 at acpi0: PSS
> acpicpu2 at acpi0: PSS
> acpicpu3 at acpi0: PSS
> acpibtn0 at acpi0: SLPB
> acpibtn1 at acpi0: PWRB
> cpu0: Enhanced SpeedStep 1499 MHz: speeds: 1500, 1000 MHz
> pci0 at mainbus0 bus 0
> mem address conflict 0xfc00/0x400
> pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x02
> vga1 at pci0 dev 2 function 0 "Intel Pineview Video" rev 0x02
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> intagp0 at vga1
> agp0 at intagp0: aperture at 0xd0000000, size 0x10000000
> inteldrm0 at vga1: apic 4 int 16
> drm0 at inteldrm0
> "Intel Pineview Video" rev 0x02 at pci0 dev 2 function 1 not configured
> azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: msi
> azalia0: codecs: VIA/0x4397
> audio0 at azalia0
> ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: msi
> pci1 at ppb0 bus 1
> ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: msi
> pci2 at ppb1 bus 2
> re0 at pci2 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E 
> (0x2c00), apic 4 int 17, address 00:30:18:a0:fd:eb
> rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 4
> ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: msi
> pci3 at ppb2 bus 3
> re1 at pci3 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E 
> (0x2c00), apic 4 int 18, address 00:30:18:a0:fd:ec
> rgephy1 at re1 phy 7: RTL8169S/8110S PHY, rev. 4
> ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: msi
> pci4 at ppb3 bus 4
> jmb0 at pci4 dev 0 function 0 "JMicron JMB363 IDE/SATA" rev 0x10
> ahci0 at jmb0: apic 4 int 19, AHCI 1.1
> scsibus0 at ahci0: 32 targets
> pciide0 at jmb0: DMA, channel 0 wired to native-PCI, channel 1 wired 
> to native-PCI
> pciide0: using apic 4 int 19 for native-PCI interrupt
> pciide0: channel 0 disabled (no drives)
> pciide0: channel 1 disabled (no drives)
> uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 4 
> int 23
> uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 4 
> int 19
> uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 4 
> int 18
> uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 4 
> int 16
> ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 4 
> int 23
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> ppb4 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2
> pci5 at ppb4 bus 5
> em0 at pci5 dev 4 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: 
> apic 4 int 18, address 00:30:18:a0:f5:a1
> em1 at pci5 dev 6 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: 
> apic 4 int 19, address 00:30:18:a0:f5:a2
> em2 at pci5 dev 7 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: 
> apic 4 int 16, address 00:30:18:a0:f5:a3
> pcib0 at pci0 dev 31 function 0 "Intel Tigerpoint LPC" rev 0x02
> pciide1 at pci0 dev 31 function 2 "Intel 82801GB SATA" rev 0x02: DMA, 
> channel 0 configured to native-PCI, channel 1 configured to native-PCI
> pciide1: using apic 4 int 19 for native-PCI interrupt
> wd0 at pciide1 channel 0 drive 0: <INTEL SSDSA2CT040G3>
> wd0: 16-sector PIO, LBA48, 38166MB, 78165360 sectors
> wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6
> ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x02: apic 
> 4 int 19
> iic0 at ichiic0
> spdmem0 at iic0 addr 0x50: 2GB DDR3 SDRAM PC3-10600 SO-DIMM
> usb1 at uhci0: USB revision 1.0
> uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb2 at uhci1: USB revision 1.0
> uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb3 at uhci2: USB revision 1.0
> uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb4 at uhci3: USB revision 1.0
> uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> isa0 at pcib0
> isadma0 at isa0
> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> com0: probed fifo depth: 15 bytes
> com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> com1: probed fifo depth: 15 bytes
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> lpt0 at isa0 port 0x378/4 irq 7
> mtrr: Pentium Pro MTRR support
> vscsi0 at root
> scsibus1 at vscsi0: 256 targets
> softraid0 at root
> scsibus2 at softraid0: 256 targets
> root on wd0a (c0b9648c56b1a52b.a) swap on wd0b dump on wd0b

Reply via email to