[FreeBSD] tcpip socket speed (v: fbsd 4.2, transparent proxy)

DaP dap at mail.index.hu
2001. Jan. 29., H, 14:45:07 CET 

 most epp ki van kapcsolva a lancbol, de ha kell runtime infokat igy
gyujtok..  es elore is bocsi a hosszu levelert


 * netstat -m
68/10128/18432 mbufs in use (current/peak/max):
	65 mbufs allocated to data
	3 mbufs allocated to packet headers
64/4608/4608 mbuf clusters in use (current/peak/max)
11748 Kbytes allocated to network (84% of mb_map in use)
23029 requests for memory denied
79 requests for memory delayed
0 calls to protocol drain routines

 apropo, mi is ez az mbuf?  sajna most nincs idom a forrasba belefojni


 * netstat -s
tcp:
	2752490 packets sent
		1418043 data packets (1390598338 bytes)
		126951 data packets (123345861 bytes) retransmitted
		7 resends initiated by MTU discovery
		1009153 ack-only packets (425415 delayed)
		0 URG only packets
		1850 window probe packets
		30823 window update packets
		165670 control packets
	2698224 packets received
		1321853 acks (for 1357048529 bytes)
		236088 duplicate acks
		36780 acks for unsent data
		858910 packets (593222169 bytes) received in-sequence
		90125 completely duplicate packets (5539853 bytes)
		0 old duplicate packets
		33 packets with some dup. data (4135 bytes duped)
		59559 out-of-order packets (24101 bytes)
		108636 packets (55284 bytes) of data after window
		55284 window probes
		39078 window update packets
		1630 packets received after close
		362 discarded for bad checksums
		0 discarded for bad header offset fields
		0 discarded because packet too short
	23436 connection requests
	189484 connection accepts
	25757 bad connection attempts
	14622 listen queue overflows
	198073 connections established (including accepts)
	212926 connections closed (including 90498 drops)
		14941 connections updated cached RTT on close
		14941 connections updated cached RTT variance on close
		9359 connections updated cached ssthresh on close
	30 embryonic connections dropped
	1086199 segments updated rtt (of 1221769 attempts)
	141279 retransmit timeouts
		2764 connections dropped by rexmit timeout
	2346 persist timeouts
		15 connections dropped by persist timeout
	321 keepalive timeouts
		1 keepalive probe sent
		320 connections dropped by keepalive
	89137 correct ACK header predictions
	654591 correct data packet header predictions
udp:
	9320 datagrams received
	0 with incomplete header
	0 with bad data length field
	0 with bad checksum
	2 dropped due to no socket
	7711 broadcast/multicast datagrams dropped due to no socket
	0 dropped due to full socket buffers
	0 not for hashed pcb
	1607 delivered
	1610 datagrams output
ip:
	6361183 total packets received
	0 bad header checksums
	0 with size smaller than minimum
	1 with data size < data length
	0 with ip length > max ip packet size
	0 with header length < data size
	0 with data length < header length
	0 with bad options
	0 with incorrect version number
	0 fragments received
	0 fragments dropped (dup or out of space)
	0 fragments dropped after timeout
	0 packets reassembled ok
	2710373 packets for this host
	4046 packets for unknown/unsupported protocol
	3645093 packets forwarded (0 packets fast forwarded)
	1506 packets not forwardable
	0 packets received for unknown multicast group
	0 redirects sent
	2787538 packets sent from this host
	0 packets sent with fabricated ip header
	0 output packets dropped due to no bufs, etc.
	0 output packets discarded due to no route
	0 output datagrams fragmented
	0 fragments created
	0 datagrams that can't be fragmented
	0 tunneling packets that can't find gif
icmp:
	166 calls to icmp_error
	0 errors not generated 'cuz old message was icmp
	Output histogram:
		echo reply: 122
		destination unreachable: 2
		time exceeded: 164
	0 messages with bad code fields
	0 messages < minimum length
	2679 bad checksums
	0 messages with bad length
	0 multicast echo requests ignored
	0 multicast timestamp requests ignored
	Input histogram:
		echo reply: 13
		destination unreachable: 3166
		source quench: 2
		echo: 122
		time exceeded: 887
	122 message responses generated
	ICMP address mask responses are disabled


 * az ide vonatkozo kernel konfig reszek:
machine		i386
cpu		I386_CPU
cpu		I486_CPU
cpu		I586_CPU
cpu		I686_CPU
ident		GENERIC
maxusers	256

options 	MATH_EMULATE		#Support for x87 emulation
options 	INET			#InterNETworking
options 	INET6			#IPv6 communications protocols
options 	FFS			#Berkeley Fast Filesystem
options 	FFS_ROOT		#FFS usable as root device [keep
						this!]
options 	SOFTUPDATES		#Enable FFS soft updates support
options 	MFS			#Memory Filesystem
options 	MD_ROOT			#MD is a potential root device
options 	NFS			#Network Filesystem
options 	NFS_ROOT		#NFS usable as root device, NFS
						required
options 	MSDOSFS			#MSDOS Filesystem
options 	CD9660			#ISO 9660 Filesystem
options 	CD9660_ROOT		#CD-ROM usable as root, CD9660
						required
options 	PROCFS			#Process filesystem
options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP
						THIS!]
options 	SCSI_DELAY=5000		#Delay (in ms) before probing SCSI
options 	UCONSOLE		#Allow users to grab the console
options 	USERCONFIG		#boot -c editor
options 	VISUAL_USERCONFIG	#visual boot -c editor
options 	KTRACE			#ktrace(1) support
options 	SYSVSHM			#SYSV-style shared memory
options 	SYSVMSG			#SYSV-style message queues
options 	SYSVSEM			#SYSV-style semaphores
options 	P1003_1B		#Posix P1003_1B real-time
						extensions
options 	_KPOSIX_PRIORITY_SCHEDULING
options		ICMP_BANDLIM		#Rate limit bad replies
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev

options 	EXT2FS			# dap
options 	IPFIREWALL		#firewall
options 	IPFIREWALL_VERBOSE	#print information about
					# dropped packets
options 	IPFIREWALL_FORWARD	#enable transparent proxy support
options 	IPFIREWALL_VERBOSE_LIMIT=100	#limit verbosity
options 	IPFIREWALL_DEFAULT_TO_ACCEPT	#allow everything by
						default
options 	IPDIVERT		#divert sockets
options 	IPFILTER		#ipfilter support
options 	IPFILTER_LOG		#ipfilter logging
options 	IPSTEALTH		#support for stealth forwarding


# To make an SMP kernel, the next two are needed
#options 	SMP			# Symmetric MultiProcessor Kernel
#options 	APIC_IO			# Symmetric (APIC) I/O


On Mon, 29 Jan 2001, Egervary Gergely wrote:
> >  szal' ez a freebsd egy viszonylag nagy latogatottsagu portal elott lenne
> > reverse proxy, h a kismillio statikus tartalommal ne az apache kuzdjon..
> > szamszeruen kb 200 keres masodpercenkent, kb 2000 allando TCP kapcsolat es
> > NAT bejegyzes ('ipnat -s' 15000 aktiv bejegyzest mond)..
> >  nekem ugy tunik h a fbsd 4.2 nem birja a gyurodest, interrupt es system
> > load az egekben, a usernek csak kb 10% cpu ido marad tevekenykedni..
> > kerdes h lehet-e ezt tuningolni ugy, h nagysagrendekkel gyorsabb legyen,
> > vagy az fbsd tcpip layer-e elvbol lassabb mint a 2.4-es linuxe?  (a linux
> > 2.2 ugyanugy megnyekken a system load alatt)
> 
> yaaay. (FreeBSD VM-et _agressziven_ baromi regen berheltem :)
> 
> szoval: kellene info (kernel config, elsosorban VM-re vonatkozo reszek,
> stb)


kofi,
--
  DaP

További információk a(z) BSD levelezőlistáról