MBUF setting in nano embedded
We just installed a 2.0.1 AMD64 pfSense firewall today. It is running on a Intel box with 8GB of ram using nano embedded with a quad core 3.4Ghz V2 Sandybridge proc. It has four Intel NIC ports, two on the MB and two on a PCIe card, of which only two are used; one on each. The Internet connection is a 300Mbps connections. It is currently using 5558 of 25600 MBUFs. I've read several places that for Intel NICs this should be increased to:
Is this something I should do and if so how do you do it in the embedded pfSense version? Can you edit the same file and save it on the embedded nano pfSense install?
Should I also implement the above?
I figured it out.
save changes and quit vi
Can you safely define the kern.ipc.nmbclusters directive to be larger than 131072 if needed?
stephenw10 Netgate Administrator
Yes you can make it bigger, though you shouldn't have to. The only restriction is the amount of memory it uses, as far as I know, though I suppose it could have some other consequences if you made it ridiculously large. E.g:
The NMBCLUSTERS kernel configuration option dictates the amount of network Mbufs available to the system. A heavily-trafficked server with a low number of Mbufs will hinder FreeBSD's ability. Each cluster represents approximately 2 K of memory, so a value of 1024 represents 2 megabytes of kernel memory reserved for network buffers. A simple calculation can be done to figure out how many are needed. If you have a web server which maxes out at 1000 simultaneous connections, and each connection eats a 16 K receive and 16 K send buffer, you need approximately 32 MB worth of network buffers to cover the web server. A good rule of thumb is to multiply by 2, so 2x32 MB / 2 KB = 64 MB / 2 kB = 32768. We recommend values between 4096 and 32768 for machines with greater amounts of memory. Under no circumstances should you specify an arbitrarily high value for this parameter as it could lead to a boot time crash. The -m option to netstat(1) may be used to observe network cluster use.
I guess that advice is a bit old now, 64MB is not going to trouble your system!