David Higgs ha scritto:
On Feb 12, 2008 8:37 PM, raven <[EMAIL PROTECTED]> wrote:
Ted Unangst ha scritto:
On 2/12/08, Darren Spiteri <[EMAIL PROTECTED]> wrote:
I don't know why or how this poorly documented sysctl works, but the
result speaks for itself. Note the dramatic throu
* G|nter Zimmermann <[EMAIL PROTECTED]> [2008-02-13 08:04]:
> I assumed that the ability to send and receive TCP packets
> with high performance were a pre-condition for high routing
> performance.
this is totally wrong. send/recv is very very different from
forwarding. don't draw conclusions on
* David Higgs <[EMAIL PROTECTED]> [2008-02-13 04:40]:
> On Feb 12, 2008 9:44 PM, Darren Spiteri <[EMAIL PROTECTED]> wrote:
> > On Feb 13, 2008 11:47 AM, NetOne - Doichin Dokov <[EMAIL PROTECTED]> wrote:
> > > Could we have a look at those numbers, in fact?
> > From the parent:
> > "In the next step
* raven <[EMAIL PROTECTED]> [2008-02-13 02:54]:
> Ted Unangst ha scritto:
>> On 2/12/08, Darren Spiteri <[EMAIL PROTECTED]> wrote:
>>> I don't know why or how this poorly documented sysctl works, but the
>>> result speaks for itself. Note the dramatic throughput increase of the
>>> parent.
>> runni
* Darren Spiteri <[EMAIL PROTECTED]> [2008-02-13 00:59]:
> On Feb 13, 2008 1:40 AM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> > On 2008/02/13 01:04, Darren Spiteri wrote:
> > > Try tweaking this sysctl: net.inet.tcp.recvspc
> > >
> > > Give it sysctl -w net.inet.tcp.recvspace=262144 and run you
On 2008/02/13 15:21, Darren Spiteri wrote:
> Now we're just getting into semantics. It is not uncommon for a
> firewall to operate on layer 7, even with OpenBSD,
"firewall" means many things but note that the subject line talks
about "routing firewall" and the message doesn't say anything about
ru
Zitat von Darren Spiteri <[EMAIL PROTECTED]>:
On Feb 13, 2008 2:28 PM, David Higgs <[EMAIL PROTECTED]> wrote:
Unless I'm massively wrong about what net.inet.tcp.* is used for, this
indicates that the parent was NOT testing throughput as one would
typically define it for a router/firewall. He w
On Feb 12, 2008 11:21 PM, Darren Spiteri <[EMAIL PROTECTED]> wrote:
> Now we're just getting into semantics. It is not uncommon for a
> firewall to operate on layer 7, even with OpenBSD, considering that an
> essential component of PF is ftp-proxy. What you call a firewall I
> call a screen-router
On Feb 13, 2008 2:28 PM, David Higgs <[EMAIL PROTECTED]> wrote:
> Unless I'm massively wrong about what net.inet.tcp.* is used for, this
> indicates that the parent was NOT testing throughput as one would
> typically define it for a router/firewall. He was testing his box's
> ability to send and r
On Feb 13, 2008 2:12 PM, bofh <[EMAIL PROTECTED]> wrote:
> On Feb 12, 2008 9:47 PM, Darren Spiteri <[EMAIL PROTECTED]> wrote:
> > Firewalls that have proxy software operate as both client and server.
>
>
> This is now going into the silly place. David Higgs told you what is the
> definition of net
On Feb 12, 2008 9:44 PM, Darren Spiteri <[EMAIL PROTECTED]> wrote:
> On Feb 13, 2008 11:47 AM, NetOne - Doichin Dokov <[EMAIL PROTECTED]> wrote:
>
> > Could we have a look at those numbers, in fact?
>
>
> From the parent:
>
> "In the next step I increased the value for net.inet.tcp.recvspace and
>
On Feb 12, 2008 9:47 PM, Darren Spiteri <[EMAIL PROTECTED]> wrote:
> On Feb 13, 2008 1:36 PM, David Higgs <[EMAIL PROTECTED]> wrote:
> > What's your definition of "network performance?"
>
> What's your delineation between a firewall and a router?
>
> > I believe Ted's point is that receiving and s
On Feb 13, 2008 1:36 PM, David Higgs <[EMAIL PROTECTED]> wrote:
> What's your definition of "network performance?"
What's your delineation between a firewall and a router?
> I believe Ted's point is that receiving and sending packets (i.e.
> using it as an endpoint) is the job of a server, not a
On Feb 13, 2008 11:47 AM, NetOne - Doichin Dokov <[EMAIL PROTECTED]> wrote:
> Could we have a look at those numbers, in fact?
>From the parent:
"In the next step I increased the value for net.inet.tcp.recvspace and
net.inet.tcp.sendspace to 262144 and that had big impact on the network
throughp
On Feb 12, 2008 8:37 PM, raven <[EMAIL PROTECTED]> wrote:
> Ted Unangst ha scritto:
> > On 2/12/08, Darren Spiteri <[EMAIL PROTECTED]> wrote:
> >
> >> I don't know why or how this poorly documented sysctl works, but the
> >> result speaks for itself. Note the dramatic throughput increase of the
> >
Ted Unangst ha scritto:
On 2/12/08, Darren Spiteri <[EMAIL PROTECTED]> wrote:
I don't know why or how this poorly documented sysctl works, but the
result speaks for itself. Note the dramatic throughput increase of the
parent.
running netperf on a firewall is a poor test of forwarding p
I don't agree, considering that OpenBSD firewalls often run ftp-proxy
and other layer 7 relays such as hoststated and squid. You may be
right that this is a red-herring in the qualified bare-bones router
config, but it answered the parent poster's question.
On Feb 13, 2008 11:45 AM, Ted Unangst <[
Darren Spiteri ??:
On Feb 13, 2008 11:08 AM, Ted Unangst <[EMAIL PROTECTED]> wrote:
On 2/12/08, Darren Spiteri <[EMAIL PROTECTED]> wrote:
This is irrelevant on a firewall/router.
Sorry, you are wrong. I can achieve much higher throughput per
connected state by tweaking rec
On 2/12/08, Darren Spiteri <[EMAIL PROTECTED]> wrote:
> I don't know why or how this poorly documented sysctl works, but the
> result speaks for itself. Note the dramatic throughput increase of the
> parent.
running netperf on a firewall is a poor test of forwarding performance.
On Feb 13, 2008 11:08 AM, Ted Unangst <[EMAIL PROTECTED]> wrote:
> On 2/12/08, Darren Spiteri <[EMAIL PROTECTED]> wrote:
> > > This is irrelevant on a firewall/router.
> >
> > Sorry, you are wrong. I can achieve much higher throughput per
> > connected state by tweaking recvspace and sendspace.
>
>
On 2/12/08, Darren Spiteri <[EMAIL PROTECTED]> wrote:
> > This is irrelevant on a firewall/router.
>
> Sorry, you are wrong. I can achieve much higher throughput per
> connected state by tweaking recvspace and sendspace.
then your firewall isn't just a firewall or your measurements were
done incor
On Feb 13, 2008 1:40 AM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> On 2008/02/13 01:04, Darren Spiteri wrote:
> > Try tweaking this sysctl: net.inet.tcp.recvspc
> >
> > Give it sysctl -w net.inet.tcp.recvspace=262144 and run your tests.
> > Tweak it down from there.
>
> This is irrelevant on a
G|nter wrote:
At first, thanks a lot for your responses. According to infos I found
in the list archive I changed the values for net.inet.ip.ifq.* as follows
net.inet.ip.ifq.maxlen=1024 (256 * number nics)
net.inet.ip.ifq.drops=0
net.inet.ip.ifq.len=0
This had no effect on the network throughput
At first, thanks a lot for your responses. According to infos I found in
the list archive I changed the values for net.inet.ip.ifq.* as follows
net.inet.ip.ifq.maxlen=1024 (256 * number nics)
net.inet.ip.ifq.drops=0
net.inet.ip.ifq.len=0
This had no effect on the network throughput.
In the next
On 2008/02/13 01:04, Darren Spiteri wrote:
> Try tweaking this sysctl: net.inet.tcp.recvspc
>
> Give it sysctl -w net.inet.tcp.recvspace=262144 and run your tests.
> Tweak it down from there.
This is irrelevant on a firewall/router.
> > I have been using openbsd as router and firewall for severa
Try tweaking this sysctl: net.inet.tcp.recvspc
Give it sysctl -w net.inet.tcp.recvspace=262144 and run your tests.
Tweak it down from there.
On 2/12/08, "G|nter Zimmermann" <[EMAIL PROTECTED]> wrote:
> I have been using openbsd as router and firewall for several years without
problems to do rout
G|nter Zimmermann wrote:
> Hi all,
>
> I have been using openbsd as router and firewall for several
> years without problems to do routing between four networks
> ethernet, ipv4) using 100 Mbit/s nics. After upgrading network
> infrastructure to 1000Mbit/s the network throughput is not as
> expec
Hi all,
I have been using openbsd as router and firewall for several years without
problems to do routing between four networks (ethernet, ipv4) using 100 Mbit/s
nics. After upgrading network infrastructure to 1000Mbit/s the network
throughput is not as expected. I expected a throughput around
28 matches
Mail list logo
