I am laughing at my overallocation of memory,
Doing a little math would be good. Thank you for the excellent
info, I will be changing some settings today. Thanks Bill.
-W
On 9/19/07, Bill Marquette <[EMAIL PROTECTED]> wrote:
> With a gig of ram, you'll probably be clear with about 768K states.
> I'm not sure what happens if the kernel decides it needs to
> swap....uhhh...swap out the kernel??? what's left to swap it in? :) I
> predict kernel panic at the point you hit the max allocatable kernel
> memory. Far worse than what an nmap scan will do to you if it fills
> 768k states (set your state expiration to aggressive instead of normal
> - it shouldn't affect "normal" traffic, but will clear out bogus nmap
> states quicker).
>
> --Bill
>
> On 9/19/07, Wade Blackwell <[EMAIL PROTECTED]> wrote:
> > Thanks Gary,
> > I am assuming that the box is not going to push state table info
> > to the disk (too slow). Thanks for that, they may never have made it
> > to 1,000,000 but what a sad day if they did. Thanks again.
> >
> > Wade B
> >
> > On 9/19/07, Gary Buckmaster <[EMAIL PROTECTED]> wrote:
> > > Wade,
> > >
> > > FYI, you don't have enough memory to handle 1,000,000 states. When last
> > > I checked, each state took somewhere between 1k and 3k memory. Having
> > > your maxstates set to 1,000,000 doesn't hurt, but if you actually open
> > > up more states than your box can handle, you'll be a sad panda.
> > >
> > > -Gary
> > >
> > > Wade Blackwell wrote:
> > > > Thanks Sean,
> > > > I will give that a try.
> > > > -W
> > > >
> > > > On 9/18/07, Sean Cavanaugh <[EMAIL PROTECTED]> wrote:
> > > >
> > > >> Upgrade to 1.2-RC2 first and see if that helps. its based on FreeBSD
> > > >> 6.2 as
> > > >> opposed to 6.1 that the 1.0 release was on.
> > > >>
> > > >> -Sean
> > > >>
> > > >>
> > > >> ________________________________
> > > >>
> > > >> > Date: Tue, 18 Sep 2007 08:57:09 -0700
> > > >>
> > > >>> From: [EMAIL PROTECTED]
> > > >>> To: [email protected]
> > > >>> Subject: [pfSense Support] Sluggish network performance
> > > >>>
> > > >>> Good morning,
> > > >>> I am seeing intermittent performance issues, particularly with
> > > >>> samba traffic, between the LAN and DMZ. The machine PF is running AMD
> > > >>> Athlon(tm) processor (950.04-MHz 686-class CPU) with a gig of memory.
> > > >>> The NICS in the box are xl0: 3Com 3c905B-TX, fxp0: Intel 82558
> > > >>> Pro/100, fxp1: <Intel 82557 Pro/100. and dc0: <ADMtek AN985
> > > >>> 10/100BaseTX>. PF version is 1.0-RC1. The rulesets on the box are
> > > >>> almost nothing and the only impacting change is I changed the state to
> > > >>> 1,000,000 maximum connections (they run allot of nmap scans through
> > > >>> the box). I know this is a very general issue and there may not be
> > > >>> enough good information to diagnose it but has anyone seen
> > > >>> intermittent sluggish samba performance through PF? If so was PF the
> > > >>> culprit and what did you do to remedy it? The only errors I saw that
> > > >>> looked related are below. Thanks.
> > > >>>
> > > >>> xl0: tx underrun, increasing tx start threshold to 120 bytes
> > > >>> dc0: TX underrun -- increasing TX threshold
> > > >>> dc0: TX underrun -- increasing TX threshold
> > > >>>
> > > >>> --
> > > >>> Wade Blackwell
> > > >>> "Women don't want to hear what you think, women want to hear what they
> > > >>> think---in a deeper voice" Bill Cosby
> > > >>> "Integrity is often more painful and always more profitable than
> > > >>> perception management"
> > > >>>
> > > >>>
> > > >>>
> > > >> ---------------------------------------------------------------------
> > > >>
> > > >>> To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > >>> For additional commands, e-mail: [EMAIL PROTECTED]
> > > >>>
> > > >>>
> > > >> ________________________________
> > > >> Can you find the hidden words? Take a break and play Seekadoo! Play
> > > >> now!
> > > >>
> > > >
> > > >
> > > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
> > --
> > Wade Blackwell
> > "Women don't want to hear what you think, women want to hear what they
> > think---in a deeper voice" Bill Cosby
> > "Integrity is often more painful and always more profitable than
> > perception management"
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
Wade Blackwell
"Women don't want to hear what you think, women want to hear what they
think---in a deeper voice" Bill Cosby
"Integrity is often more painful and always more profitable than
perception management"
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
