Should I switch to 64-bit ?
-
I have a pfSense (2.0-RC1 (i386) built on Mon Mar 28 16:37:49 EDT 2011 ) on i3-550 processor with 4GB RAM serving around 45-50 users. I was under the impression that all 4GB was being used by pfSense. I just now checked the system activity to find below which says Mem: 2047 Active
Mem: 2047M Active, 506M Inact, 203M Wired, 32K Cache, 112M Buf, 610M Free
Swap: 8192M Total, 8192M FreeSo, is my pfsense using just 2GB? I am running Snort, Squid, Squid Guard, HAVP and BandwithdD for now and coz of Snort I am close to 87% to 90% of memory usage and sometimes its goes higher than that.
Should I switch to the 64-bit version? Is the amd64 the right version to use for an Intel box?
Will all the apps work in the 64-bit version?
-
If you look at your boot messages you'll see that it's ignoring everything above a certain value, usually 3GB. There's not really any reason that I'm aware of not to use amd64, and it is compatible with current Intel CPUs.
-
OK. so I installed the 64bit version. Now its looks like this..
Mem: 1915M Active, 719M Inact, 317M Wired, 608K Cache, 391M Buf, 728M Free
Swap: 8192M Total, 8192M FreeHow am I doing? Is it using all 4GB?
-
If you really want to find out what memory you have and how it is being used then try the following setup that is used on a lot of FreeBSD systems.
Drop to a command shell and type
pkg_add -r perl
fetch http://www.cyberciti.biz/files/scripts/freebsd-memory.pl.txt
mv freebsd-memory.pl.txt /usr/local/bin/free
chmod +x /usr/local/bin/freerehash
free
Then you should get an output similar to that below
SYSTEM MEMORY INFORMATION:
mem_wire: 349761536 ( 333MB) [ 2%] Wired: disabled for paging out
mem_active: + 403329024 ( 384MB) [ 3%] Active: recently referenced
mem_inactive:+ 26632192 ( 25MB) [ 0%] Inactive: recently not referenced
mem_cache: + 81920 ( 0MB) [ 0%] Cached: almost avail. for allocation
mem_free: + 11679174656 ( 11138MB) [ 93%] Free: fully available for allocation
mem_gap_vm: + 606208 ( 0MB) [ 0%] Memory gap: UNKNOWN
–------------ ------------ ----------- ------
mem_all: = 12459585536 ( 11882MB) [100%] Total real memory managed
mem_gap_sys: + 394297344 ( 376MB) Memory gap: Kernel?!
–------------ ------------ -----------
mem_phys: = 12853882880 ( 12258MB) Total real memory available
mem_gap_hw: + 31019008 ( 29MB) Memory gap: Segment Mappings?!
mem_hw: = 12884901888 ( 12288MB) Total real memory installed
SYSTEM MEMORY SUMMARY:
mem_used: 1179013120 ( 1124MB) [ 9%] Logically used memory
mem_avail: + 11705888768 ( 11163MB) [ 90%] Logically available memory
–------------ ------------ ----------- ------
mem_total: = 12884901888 ( 12288MB) [100%] Logically total memory -
Ohh thats cool. Will try this out. Thank you !
-
Not sure if its the install or the 64-bit image but system's response has been extremely sluggish since the move from i386. Exactly the same config, nothing has changed except the build version from i386 to 64-bit. The whole network has slowed down even simple internet browsing has become a pain.
Thinking of switching back to i386 build.
Anyone has seen similar performance issues with the 64-bit version?
-
Something is awry with your system then. I installed on very similar hardware a month or two back (I believe I shared my parts list when you were shopping), and I found that system to be nearly instantaneous with anything I tried to do with it.
I did see my routing throughput jump from 100-300 mbps to 950 mbps when the yandex drivers were introduced. I understand those have been pulled in later builds. Maybe the Intel em driver is giving you grief?
My home system runs on an Atom D510 and although the UI is a little slow compared to the i5, I have no complaints, and routing performance is enough for what I'm doing with it.
-
I should have asked you to describe the slowness you're seeing in more detail. Is it the UI? poor routing throughput? Something else? Have a look at this thread here to see if it might be something you're experiencing:
http://forum.pfsense.org/index.php/topic,34839.0.html
-
Are you on a 64-bit snapshot?
I just installed the i386 back and my network is flying again. Could it be something to do with i5 processor or RAM drivers? I want to get the most of the system with full 4GB RAM. I am thinking of upgrading the RAM to 6 or 8GB later down the line as more users start coming on to this network.
BTW what are the vandex drivers for?
-
Yandex is a company that made some modifications to Intel's em NIC driver. There were issues with the em driver in 1.2.3 and the Yandex drivers were used to help resolve these. There were more issues with the em driver in the 2.0 betas, so the Yandex drivers were pulled in, then pushed out again. On the Intel mini-ITX board I was using, the onboard Intel GBE had poor throughput on em, but did well when the switch was made to Yandex. I don't have that hardware any more, so I don't know if the old issues would have returned with the em driver or not.
-
I see.
I will reinstall 64-bit again tonight and wont add Squid, Snort and others for now and see how it performs.
-
Yandex is a company that made some modifications to Intel's em NIC driver. There were issues with the em driver in 1.2.3 and the Yandex drivers were used to help resolve these. There were more issues with the em driver in the 2.0 betas, so the Yandex drivers were pulled in, then pushed out again. On the Intel mini-ITX board I was using, the onboard Intel GBE had poor throughput on em, but did well when the switch was made to Yandex. I don't have that hardware any more, so I don't know if the old issues would have returned with the em driver or not.
I sure as heck hope not! I just got my 3 port Intel gigabit daughterboard today for my Jetway motherboard that is on its way and I'll cry if I paid $30 more for the Intel one that was supposed to be better with pfsense than the much cheaper Realtek one! lol
Bill -
I believe the switch away from yandex happened on or about March 16, so if you see issues with the latest snaps you might try rolling back to early March, but be sure to report any issues you have.
-
My both network cards are Realtek. I ordered a HP Broadcom Gigabit NIC but that wont negotiate to 1000Mbit. No matter what I tried it would connect only at 100Mbps with the Netgear switch. So I go another Realtek gigabit and it works just fine like the onboard one.
Shoud I switch to Intel? I haven't seen a huge performance issue yet (on i386 build) with the Realtek NIC.
-
I wouldn't go out and buy Intel hardware unless you can nail your issues to the realtek part. If you have a spare NIC of another make then go ahead and see if it resolves your problem.
-
I was all paranoid that I made a bad decision going with the Intel NIC's so had to do some testing. My test setup is a 3Ghz P4 w/ 1GB with one of yesterday's 2.0 embedded & 2 Intel nic's. 1 onboard Intel 100mbit for LAN & 1 PCI Intel 100mbit for WAN. Speedtest.net showed a burst up to 40+mbit down then held at 21.2mbit down rest of the test & 2.2mbit up (~0.1 CPU & ~2.0 interrupt) so looks like my 20/2 cable line was going full speed & then some with very little effort for the system which I figure means it could do tons more. At this point I'm thinking the Intel drivers are fine for my needs. :D
I'll have to search around to read up on the Intel stuff though still as I'm still curious & baffled because over & over I read "go Intel NIC's".
Cheers!
Bill