nat / rdr timeouts?

Stephane Raimbault segr at hotmail.com
Tue Mar 8 03:02:11 GMT 2005 


>From: Max Laier <max at love2party.net>
>To: freebsd-pf at freebsd.org
>CC: "Stephane Raimbault" <segr at hotmail.com>, daniel at benzedrine.cx
>Subject: Re: nat / rdr timeouts?
>Date: Tue, 8 Mar 2005 01:52:05 +0100
>
>On Tuesday 08 March 2005 01:28, Stephane Raimbault wrote:
> > Okay, I setup an OpenBSD 3.6 box with pf today as a test and I can not
> > replicate the problem with OpenBSD.
> >
> > In fact, running the ab test returned MUCH beter results in terms of 
>times
> > to return the page and according to top the cpu barely budged when 
>running
> > the test on the openbsd pf box.  However running top on the freebsd pf 
>box
> > I clearly see a spike in cpu traffic as the cpu idle drops to 0% for a
> > second.
> >
> >
> > I'm currently running RELENG_5 on the freebsd box from this weekend... 
>are
> > there some debugging stuff turned on in the kernel that would explain 
>the
> > performance diffrence?
> >
> > I tried to replicate the test as closely as possible however there are 
>some
> > subtle diffrences in my test.
> >
> > OpenBSD test
> >
> > PowerBook laptop (running ab) to an IP on the local network (openbsd ext
> > interface (vlan0)) thru to the same openbsd box int interface (vlan1) to
> > the web servers (10.0.11.16 and 10.0.11.17).
> >
> > FreeBSD Test
> >
> > IBM server running freebsd (ab) to an IP on it's local network (freebsd 
>ext
> > interface (em0) thru to the same freebsd box int interface (em1) to the 
>web
> > severs (10.0.11.16 and 10.0.11.17).
> >
> > network wise it should be pretty much the same.  The only thing that 
>came
> > to mind, maybe it's because the powerbook is a better box then the IBM
> > server running freebsd ?  but then seeing the CPU idle time and 
>comparing
> > the Freebsd +pf and the OpenBSD +pf being so diffrent... I ponder my
> > question.
> >
> >
> > Hope this makes sense.  Let me know if there is any other data I can
> > provide ?
>
>I don't fully understand how your setup looks like.  Where are you running 
>ab
>from?  Is there a dedicated box you run it on or are you running it on/from
>the redirecting box itself?  Could you get the following setup realized:
>
>              /----- OpenBSD ----\        WWW_1
>              |                  |      / WWW_2
>ab Client ---+                  +-----+-  ...
>              |                  |      \ WWW_N
>              \----- FreeBSD ----/
>

I don't know why I didn't setup my test like this in the first place... it 
was pretty easy for me to set this up... Anyhow I've set this up now.

And now that I have re run the tests... may I say "ARGH!" :)

So yes... same problem when running the test on the OpenBSD + pf then I was 
getting on the FreeBSD + pf.  But so what does this mean... I'm hitting a 
bug on my FreeBSD box I'm running the ab test from?

>It does not matter (too much) how the gateways are connected to the client 
>and
>the servers, what matters is that the client and the servers are the same 
>for
>both tests.  I suspect that (if you were running ab from the FreeBSD 
>server)
>you discovered a bug in FreeBSD's socket/tcp code much rather than in pf.
>Please let me know if I misunderstood something and explain your test setup
>with a bit more detail.
>
>Thanks a lot in advance.
>
><snipp - it is linewarpping as hell, anyway>
>
>--
>/"\  Best regards,                      | mlaier at freebsd.org
>\ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
>/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
><< attach3 >>

_________________________________________________________________
Don't just Search. Find! http://search.sympatico.msn.ca/default.aspx The new 
MSN Search! Check it out!

More information about the freebsd-pf mailing list