On 16.8.2017. 19:55, Juan Guillermo Narvaez wrote: > Hello everyone! > > I'm relative new using OpenBSD, I have just 4 years using this OS for dhcp > servers. > Today I have the mission of implement this OS in a cablemodem headend, in > my first try I get negative results with this rules: > > *pass all flags S/SA* > > *#LAN* > *match out log on bge0 inet from 192.168.254.0/24 <http://192.168.254.0/24> > to any nat-to 200.91.35.55* > *pass on bge0 inet from 192.168.254.0/24 <http://192.168.254.0/24> to any > flags S/SA* > *#CPE Network* > *match out on bge0 inet from 172.21.0.0/19 <http://172.21.0.0/19> to any > nat-to 200.91.35.55* > *pass on bge0 inet from 172.21.0.0/19 <http://172.21.0.0/19> to any flags > S/SA* > > This is a basic PF that I use for this try, the CPE network has 900 active > customers. > When I put the whole customer network traffic through my OpenBSD router the > traffic tend to fall slowly and the LAN network is really slow too. I read > about a lot of 'tweaks' the high performance configurations but I think > that OpenBSD can handle 400mbps without tweaking. > > I'm wrong? > What am I doing bad? > > Thank you! > > > >
could you send dmesg, cat /etc/sysctl.conf and sysctl | grep ifq i'm having 2 old Dell R610 with 2 x E5630 cpu and bcm5709 nic's in very standard pf,carp,pfsync,pflow setup and on top of that i'm logging everything. boxes are doing cca 100k states and having around 2k hosts behind them ... of course that i'm running -current :)
