What can be done to optimize obsd 7.2 running on top of ESXi 7 with

7 vmx "phys" ifs
3 em "phys" ifs
22 virtual ifs

Very simple pf ruleset - the box is only running VPN solution between two sites up against a similarly configured obsd 7.2.

I came across https://calomel.org/network_performance.html which has a section concerning obsd 5.1 "and later" - is this also valid for 7.2? I did implement the suggestions adapted to the setup, but I can't really see any noticeable difference.

I configured the box with 8 vCPUs and 8 gig RAM and after running for some time getting more and more load, I started to face massive package loss both for packages between the two sites but also from the obsd and to the rest of the world. CPU was far from reaching any critical level and loads of memory left.

I downscaled from 8 to 4 vCPUs and from 8 to 4 gig RAM - and the two obsd now seem to hold the packages decently. But for instance when pinging 1.1.1.1, I sometimes get:

# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
ping: sendmsg: Permission denied
ping: wrote 1.1.1.1 64 chars, ret=-1
ping: sendmsg: Permission denied
ping: wrote 1.1.1.1 64 chars, ret=-1
ping: sendmsg: Permission denied
ping: wrote 1.1.1.1 64 chars, ret=-1
64 bytes from 1.1.1.1: icmp_seq=3 ttl=61 time=0.826 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=61 time=0.797 ms
64 bytes from 1.1.1.1: icmp_seq=5 ttl=61 time=0.799 ms

Some permissions denied and then it continues to ping.

Sometimes when trying to ping a FQDN, I get:

ping: no address associated with name

as it cannot resolve the name. The name is of course registered correctly in DNS.

We are planning to put even more load on the setup, but I am not sure that it is a good idea.

The ESX server has hyperthreading enabled. There are many discussions about this, and what I can summarize is that apart from a security perspective, hyperthreading should be left enabled.

How to get better performance?

Regards,
Lars.

