PFsense can't do above 90k pps? Is there anything to improve pps performance?
-
Well the first you should start with is the icmp tweaking.
After that start with increasing with ip input queue tweaking. This are all sysctl that help you get higher pps.
I would recommend even trying a 1.2.1 install to get things better though i am talkin in air here since it would be nice to see some detailed stats before. -
@ermal:
Well the first you should start with is the icmp tweaking.
After that start with increasing with ip input queue tweaking. This are all sysctl that help you get higher pps.
I would recommend even trying a 1.2.1 install to get things better though i am talkin in air here since it would be nice to see some detailed stats before.How?
At least point me to something for reference please.
for example willkern.ipc.nmbclusters=32768
will do good for me ?
-
I tried 1.2.1RC1 Latest snapshot today.
And whatever I did my transparent bridge did not work as expected.
After everything was setup my bridge allows traffic from inside to outside but whatever firewall rule I tried I can't make it work from outside to inside.
I guess this is some bug with the snapshot image I used.
Will try 1.2.1 when it's released later.Now I have to stick with 1.2 release and 90k max pps problem is still here.
I need a little word from the developers please. Please somebody say me 90k is what you can get most.
Then I'll try something else. even will buy a hardware firewall.. -
Not that I doubt what you are seeing, but I'd like to see some controlled tests. In theory (which I know is not real world), 1.2 should be able to do much better. See http://www.tancsa.com/blast.html The older versions of m0n0 use 4.x, which is still a very fast stack. I expect 7.x (1.2.1/1.3) will come close to the 4.x levels.
Were you seeing any problems on the network when this was happening? -
Network setup is very basic
ISP ==> SWITCH1 ==> PFSENSE ==> ROUTER ==>SWITCH2 ==>SERVERS
I read traffic from switch1 using prtg on a private port.
When I see 100Mbps incoming with 120k pps on my switch1I read 42Mbps 90k pps on my pfsense.
That's the problem.
Pfsense machine does not lag or lock down. Cpu %60 at most. ram %40. GUI works very fast and normal.
Any Idea? -
I also want to add that I already tried m0n0wall.
But because of hardware problems I can't use it.
My hardware is quite new. Mono does not work with it. -
Double check your net.inet.ip.fastforwarding. IIRC, this gets turned off under certain configurations, like when you are running IPSec…
-
-
-
