[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-pf
Subject:    Re: Still dealing with pf performance issues
From:       Henning Brauer <henning () openbsd ! org>
Date:       2007-10-26 10:43:33
Message-ID: 20071026104333.GY29239 () nudo ! bsws ! de
[Download RAW message or body]

* Russell Fulton <r.fulton@auckland.ac.nz> [2007-10-25 07:44]:
> I note that "memory" counter is going up at a rate of 0.1/s.  My
> understanding is that this counter is stepped when pf fails to get
> memory for a state entry but we are no where near the state limit:

it goes up when pf cannot get memory for something, or something that is 
somewhat related to memory.
grep for PFRES_MEMORY in /usr/src/sys/net.
actually, I take that partially back. in 4.2, all PFRES_MEMORY are 
caused by pool_get failures, except one which is a failing m_copym (and 
thus a memory error too).

the state limit is not too related to that. you can see memory shortage 
way below your set state limit.

I'd say chances are good that 4.2 solves that for you. I bet most of 
tehse are from memory allocations for pf tags. They are not allocated 
in 4.2 any more.

> Even more of a worry is the congestion counter is at 0.6/s and worse it

that is not necessarily a problem.
if net.inet.ip.ifq.maxlen is at 50 on your box, 4.2 will solve that too 
:)
(ok. you can just bump it manually too. 4.2 defaults to 256)

-- 
Henning Brauer, hb@bsws.de, henning@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
[prev in list] [next in list] [prev in thread] [next in thread]