tico wrote: > Luiz Gustavo wrote: >> Luiz Gustavo S. Costa wrote: >> >>> exists other maillist for the discussion about this ? >>> >>> dev ? pf ? >>> >>> please, anybody help-me :) >>> >>> 2009/9/28 Luiz Gustavo S. Costa <[email protected]>: >>> >>>> has anyone with the same problem? developers? what could this be? >>>> >>>> 2009/9/26 Luiz Gustavo S. Costa <[email protected]>: >>>> >>>>> Hi people, >>>>> >>>>> Look the interrupt... >>>>> >>>>> # top >>>>> load averages: 2.08, 2.62, 1.93 >>>>> 19:37:09 >>>>> 23 processes: 2 running, 19 idle, 2 on processor >>>>> CPU0 states: 1.0% user, 0.0% nice, 3.8% system, 95.2% >>>>> interrupt, 0.0% idle >>>>> CPU1 states: 4.3% user, 0.0% nice, 41.3% system, 30.4% interrupt, >>>>> 23.9% idle >>>>> Memory: Real: 15M/165M act/tot Free: 832M Swap: 0K/5120M used/tot >>>>> >>>>> Very rules of the "rdr", this interrupt stay on high load >>>>> >>>>> Normal operation: >>>>> # pfctl -sn | grep rdr | wc -l >>>>> 10 >>>>> >>>>> With apply the my custom "rdr": >>>>> # pfctl -sn | grep rdr | wc -l >>>>> 672 >>>>> >>>>> basically, i made one rdr for each ip, with below: >>>>> rdr pass on vlan30 proto tcp from " . $cliente['ip'] . " to any port >>>>> 21 tag ftp_" . $nome . " -> 127.0.0.1 port 8021 >>>>> >>>>> the "tag" parameter is for queue control of ftp connection >>>>> >>>>> on the freebsd box, this rules works perfectly >>>>> >>>>> any solution ? >>>>> >>>>> 2009/9/25 Luiz Gustavo S. Costa <[email protected]>: >>>>> >>>>>> Hi all, >>>>>> >>>>>> Ok, problem resolved !!! >>>>>> >>>>>> Rules with very "log" configuration, the interface pflog was generate >>>>>> this high load on interrupt >>>>>> >>>>>> Now, server in production: >>>>>> # uptime >>>>>> 12:23PM up 11 days, 2:16, 3 users, load averages: 0.11, 0.23, 0.48 >>>>>> >>>>>> #top >>>>>> load averages: 0.13, 0.23, 0.47 >>>>>> 12:24:04 >>>>>> 22 processes: 21 idle, 1 on processor >>>>>> CPU0 states: 0.0% user, 0.0% nice, 0.0% system, 36.9% >>>>>> interrupt, 63.1% idle >>>>>> CPU1 states: 0.0% user, 0.0% nice, 0.0% system, 0.0% >>>>>> interrupt, 100% idle >>>>>> >>>>>> # uname -mprsv >>>>>> OpenBSD 4.5 GENERIC.MP#0 i386 Intel(R) Pentium(R) 4 CPU 3.00GHz >>>>>> ("GenuineIntel" 686-class) >>>>>> >>>>>> Migration from one Freebsd >>>>>> >>>>>> - with Trunk + Vlan + Carp >>>>>> - Altq (hfsc hack on HFSC_MAX_CLASSES) over Vlan >>>>>> >>>>>> nice firewall !!!! >>>>>> >>>>>> 2009/9/17 Luiz Gustavo S. Costa <[email protected]>: >>>>>> >>>>>>> Hi guys ! >>>>>>> >>>>>>> I have one installation of OpenBSD 4.5 with this configuration >>>>>>> (network): >>>>>>> >>>>>>> (em0 and em1) > trunk0 > vlan[10,30,40,63,65] > carp[10,30,40,63,65] >>>>>>> >>>>>>> Ok, this configuration is running perfect ! >>>>>>> >>>>>>> But, >>>>>>> With traffic on the scenario the cpu is go for down .... i have one >>>>>>> pentium 4 with 2 core, 1 core with 2% idle and 88% of interrupt and >>>>>>> the other core with 40% of interrupt. >>>>>>> >>>>>>> ALTQ performance is poor because CPU is high load >>>>>>> >>>>>>> I migration this scenario of one freebsd (with lagg and vlan, not >>>>>>> carp) with load average good (no used device polling) >>>>>>> >>>>>>> my configs: >>>>>>> >>>>>>> [r...@fw2 /usr/src]# sysctl kern.version >>>>>>> kern.version=OpenBSD 4.5-stable (GENERIC.MP) #0: Fri Sep 11 >>>>>>> 15:34:39 BRT 2009 >>>>>>> [email protected]:/usr/src/sys/arch/i386/compile/GENERIC.MP >>>>>>> >>>>>>> [r...@fw2 /usr/src]# pcidump | grep 'Intel PRO' >>>>>>> 6:2:0: Intel PRO/1000GT (82541GI) >>>>>>> 6:3:0: Intel PRO/1000GT (82541GI) >>>>>>> >>>>>>> [r...@fw2 /usr/src]# sysctl hw.model >>>>>>> hw.model=Intel(R) Pentium(R) 4 CPU 3.00GHz ("GenuineIntel" >>>>>>> 686-class) >>>>>>> [r...@fw2 /usr/src]# sysctl hw.ncpu >>>>>>> hw.ncpu=2 >>>>>>> >>>>>>> thanks guy's ! >>>>>>> >>>>>>> >> >> please, anybody with this problem ? help-me theo ! ;) >> >> > you're not providing very much information about the steps you have > already taken to troubleshoot this. > > start with the simplest ruleset, and add rules under the same traffic > load until you find the one(s) that make your box slow. see if you can > consolidate redundant rules into simpler ones. use tables. > > -t > >> -- >> Luiz Gustavo Costa (Powered by BSD) >> *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ >> mundoUnix - Consultoria em Software Livre >> http://www.mundounix.com.br >> ICQ: 2890831 / MSN: [email protected] >> >> >
Hi, look this: >>>>> Normal operation: >>>>> # pfctl -sn | grep rdr | wc -l >>>>> 10 >>>>> >>>>> With apply the my custom "rdr": >>>>> # pfctl -sn | grep rdr | wc -l >>>>> 672 >>>>> >>>>> basically, i made one rdr for each ip, with below: >>>>> rdr pass on vlan30 proto tcp from " . $cliente['ip'] . " to any port >>>>> 21 tag ftp_" . $nome . " -> 127.0.0.1 port 8021 >>>>> >>>>> the "tag" parameter is for queue control of ftp connection How to use tables for tags ? i need for apply queue on the rules. thanks for you reply. -- Luiz Gustavo Costa (Powered by BSD) *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ mundoUnix - Consultoria em Software Livre http://www.mundounix.com.br ICQ: 2890831 / MSN: [email protected]
