Just some more pointers? Please correct me if I am saying some thing wrong.
Maybe also good to look at cpu interupts. I'me not sure how good if_bge today are. I found them in the past "slowly" eating interrupts when passing lot of small sized traffic. How is your avarage packet size? I could blast 1000 mbit on if_em interfaces but only 400mbit when very small packets. So also a thing to check. Also check interface drops. Regards Robert On Wed, Aug 16, 2017 at 04:34:50PM -0300, Juan Guillermo Narvaez wrote: > Thanks James, now I'm trying with 3K customers and 1M states. > > I will comments my results to the list when a finish. > > Guillermo. > > On Wed, Aug 16, 2017 at 4:01 PM, James Shupe <jsh...@hermetek.com> wrote: > > > Have you raised states? 10K is the default I believe, the most likely > > culprit. > > > > On 8/16/2017 12:55 PM, Juan Guillermo Narvaez wrote: > > > Hello everyone! > > > > > > I'm relative new using OpenBSD, I have just 4 years using this OS for > > dhcp > > > servers. > > > Today I have the mission of implement this OS in a cablemodem headend, in > > > my first try I get negative results with this rules: > > > > > > *pass all flags S/SA* > > > > > > *#LAN* > > > *match out log on bge0 inet from 192.168.254.0/24 < > > http://192.168.254.0/24> > > > to any nat-to 200.91.35.55* > > > *pass on bge0 inet from 192.168.254.0/24 <http://192.168.254.0/24> to > > any > > > flags S/SA* > > > *#CPE Network* > > > *match out on bge0 inet from 172.21.0.0/19 <http://172.21.0.0/19> to any > > > nat-to 200.91.35.55* > > > *pass on bge0 inet from 172.21.0.0/19 <http://172.21.0.0/19> to any > > flags > > > S/SA* > > > > > > This is a basic PF that I use for this try, the CPE network has 900 > > active > > > customers. > > > When I put the whole customer network traffic through my OpenBSD router > > the > > > traffic tend to fall slowly and the LAN network is really slow too. I > > read > > > about a lot of 'tweaks' the high performance configurations but I think > > > that OpenBSD can handle 400mbps without tweaking. > > > > > > I'm wrong? > > > What am I doing bad? > > > > > > Thank you! > > > > > > > > > > > > > > > > -- > > James Shupe, HermeTek > > developer/ engineer > > BSD/ Linux support & hosting > > jsh...@hermetek.com | www.hermetek.com > > Office 5127922525 | Mobile 5122846350 > > > > > > > > > -- > J. Guillermo Narvaez > @_aran0id
