What is the biggest attack in GBPS you stopped

Nullity

@Supermule:

I have spent the last 2-3 mths together with lowprofile to search for something that can improve it.

We have sent numerous mails to the dev's and not much response.

We wanted to have the dev's setup a test rig so they could see for themselves how it fares and work together somehow on creating a solution for this or maybe point out what specific issues the base OS has handling the packets.

Not much has come back….if nothing at all.

Lowprofile is looking at other products to handle his scenario since he is pretty dissappointed in the whole "package" and especilly in the lack of response on a matter this important.

Right, you seem like a good guy, just like most of us are.

What is stopping us from working together? I shared why I prematurely thought you were a egotistical troll… perhaps some others share that perspective?

Or maybe we are all assholes. :)

firewalluser

@Nullity:

What is stopping us from working together? I shared why I prematurely thought you were a egotistical troll… perhaps some others share that perspective?
Or maybe we are all assholes. :)

We are all chemically motivated and biased by the data we have learnt over the long and short term, throw in the absence of body language for this medium http://en.wikipedia.org/wiki/Body_language and we will fill the body language void with our own current emotions sometimes known as projecting (which can soimetimes be illuminating based on what is written above) and thus we can arrive at the wrong conclusions about someone. Emoticons/emojis sometime help but not always as some prefer to not use them as they can still be interpretted incorrectly.

Nullity

Indeed. I personally hate emoticons too, but I have personally seen how a negative, or lack of postive, focus can send a whole thread into a negative, hateful tone of adversarial confrontations instead of people realizing they actually all have a common goal to solve the friggen problem and learn something.

firewalluser

That would be the butterfly effect to use a mathematical reference, or the emotions fear and anger in a biological sense which is driven by excessive dopamine levels derived from a variety of inputs namely music, caffeine, alcohol & drugs. Dopamine gets broken down into the stress hormones (andrenaline and epherine aka speed the amphetamine), they can be cleared within 3-4hrs in smokers but can take over twice as long in non smokers, but they do help increase spatial intelligence and I'm digressing.

Edit, you could also add in some Asch conformity & Milgrams obedience to authority from a psychological perspective as well as things are more complicated in general when dealing with biological lifeforms compared to Artificial Intelligences.

Supermule

Thanks.

Allready changed that in system -> tunables and it made quite a difference on the low core tests.

doktornotor

@Nullity:

Indeed. I personally hate emoticons too, but I have personally seen how a negative, or lack of postive, focus can send a whole thread into a negative, hateful tone of adversarial confrontations instead of people realizing they actually all have a common goal to solve the friggen problem and learn something.

Because neither screaming "oh noes, it suxxx, we're all doomed, use Windows Firewall instead", nor this YT testing is a way how you handle a perceived security issue.

https://www.freebsd.org/security/reporting.html

@firewalluser:

That would be the butterfly effect… or the emotions fear and anger in a biological sense which is driven by excessive dopamine levels derived from a variety of inputs ...

Supermule

See.

I havent stated that people should use Windows Firewall instead.

I have stated that its not affected.

Not the same really…..

firewalluser

Could be useful.
https://wiki.freebsd.org/NetworkPerformanceTuning

firewalluser

@doktornotor:

@Nullity:

Indeed. I personally hate emoticons too, but I have personally seen how a negative, or lack of postive, focus can send a whole thread into a negative, hateful tone of adversarial confrontations instead of people realizing they actually all have a common goal to solve the friggen problem and learn something.

Because neither screaming "oh noes, it suxxx, we're all doomed, use Windows Firewall instead", nor this YT testing is a way how you handle a perceived security issue.

https://www.freebsd.org/security/reporting.html

@firewalluser:

That would be the butterfly effect… or the emotions fear and anger in a biological sense which is driven by excessive dopamine levels derived from a variety of inputs ...

Where do we draw the line at being educational?

Supermule

Allready implemented under system -> tunables for what I use and the network MTU.

@firewalluser:

Could be useful.
https://wiki.freebsd.org/NetworkPerformanceTuning

Supermule

By the way. Tested 1.2.3 and i got blown out of the water instantly using 4GB ram and 4CPU's.

So the new OS' is deffo an improvement.

firewalluser

Thanks for letting us know, its been educational.  ;D

Supermule

Opnsense 4core/8GB test.

http://youtu.be/dH4ih76b_Ik

Harvy66

@Supermule:

8 cores

http://youtu.be/-xTtzLEQx08

Not as good as hoped but not running 100% CPU like all the others. It seems that the response on the WAN graph are related to the PING on WAN.

It seems that the 2 CORE setup is the one that performs best in beginning until around 35 seconds into the attack. Then crash. 4 and 8 cores keep the GUI online.

You may be at 100% cpu, but according to the dashboard, you're running at 311mhz even when at 100%.

Harvy66

@firewalluser:

@Harvy66:

@firewalluser:

@Harvy66:

System Activity or "ps" will tell you total CPU time consumed. Just remember, a quad core can consume 4 CPU seconds per second.

Not always, you need to understand how the L2 cache works, ie its shared between cores on Intel, but AMD tend to have a cache amount per core, ie AMD would be less prone to cache collisions unlike Intel cpu's.

Cache misses counts as CPU time. If it takes an extra 250 cycles because of a cache miss, well, that's counting against you. CPU time is the amount of time a process has been scheduled. What it does during that time is irrelevant from the schedulers's standpoint.

@Harvy66:

System Activity or "ps" will tell you total CPU time consumed. Just remember, a quad core can consume 4 CPU seconds per second.

Yes

Yes & No

If no cache collisions occur then yes your "4 CPU seconds per second" would be right but when a cache collision occurs then its a matter of debate whether the cpu is giving you any cpu time useful to the task being asked of it by said software because a cache collision by definition is a failure of the cpu/core depending on where the cache collision occurs ie L1,2,3 which means no cpu processing useful to the task being asked of it as it backs out and resolves the cache collision.

To then make it a little more complicated or simpler depending on perspective, if the cache collision occurs on cache shared across all the cores then no you dont get your 4 cpu seconds per second as the CPU backs out and resolves the cache collision which holds up one or more other cores.

If the cache collision occurs on cache available only to a single core like L1 and some L2 (L2 on some chips is shared and on others its a small % of the total L2 but unique to each core), then you could consider it in your 4 cpu seconds per second statement but then there is still the matter of whether the CPU is giving you any "useful" processing time whilst it resolves the collision. Technically the time spent/clock cycles filling the cache having a collision and then resolving the collision is time wasted but it could still show as 100% core or CPU activity depending on the cache affected. So Yes when you see CPU activity at 100%, that would be correct but its not the whole picture as its hiding the cock ups of the CPU cache and the bus waits that are occuring.

Now even if we dont have any cache collisions, on a multi core cpu, time is then further spent wasted as the individual cores spend time waiting to access ram or the disk depending on bus architecture.

I've got software here which I have written which can run mulithreaded and multi cored, but its also capable of running on a single thread on a single core or x threads on a single core or x threads on x cores.

Guess which one runs the fastest?

The single threaded single core version.

Why is this?

Its because there is no time wasted handshaking between threads at the OS level and cores at the HW to access the ram and disk. Disk activity shows this up the most as disk/permanent storage is an order of magnitude slower to access even SSD's when compared to ram.

In some respects even though Arm chips are RISC ie dont have as many common tasks normally carried out by OS software functions which have made it into the cpu architecture unlike say Intels AES-NI to pick a relevant example http://en.wikipedia.org/wiki/AES_instruction_set
of where some common software functions have made it into the cpu architecture, they generally but not always tend to speed up the software but all of this ultimately depends on how the software is written and to a lessor extent the language and compiler used as optimising compilers like cache can work for you and against you as well depending on the chip used to run the software.

This is why I suggested right back at the beginning to try a 1.x version of pfsense. Considering the new features and improvements to functionality made to OS's over time, not only can code be compared easily, it will be possible to workout by elimination and some observations where the problem lies. I suspect knowing how HW drivers used to be for printers especially HP printers in the Win3.1,W95,W98, NT3.5, NT4 days that the drivers have not been updated enough to keep pace with OS developments, hence why I agree with KOM and suspect its a NIC hook issue in the OS, but it will also be compounded by the multi core's seen in cpu's today which is why I also suggested for those running it virtualised like on ESXI, to restrict the core's available to 1.

Apologies if this making you suck eggs, but due to limited data ie not knowing you or your past I dont know how much you know or dont know, hence the explaination above.  :)

You are correct, but I was not incorrect either. All I was saying was that you can see CPU time spent. All CPU time is the amount of time spent in a given context. yes, AMD's new arch has a much greater chance of cache line collisions, especially given the size of their L2 caches and the limited n-way associativity, but that reduces the amount of work done per unit of time, not the amount of time spent. I do agree that AMD can take more time to get the same amount of work done, but "cpu time" is still wall-clock time spent in a context.

Nice to know other people share my affection for understanding computers  :-)

Harvy66

What is "KERN.IPC.NMBUF"? I can't find anything about it?

Supermule

Kernel buffers.

https://www.google.dk/search?q=KERN.IPC.NMBUF&ie=UTF-8

Supermule

It goes down so fast you dont see the utilization…

@Harvy66:

@Supermule:

8 cores

http://youtu.be/-xTtzLEQx08

Not as good as hoped but not running 100% CPU like all the others. It seems that the response on the WAN graph are related to the PING on WAN.

It seems that the 2 CORE setup is the one that performs best in beginning until around 35 seconds into the attack. Then crash. 4 and 8 cores keep the GUI online.

You may be at 100% cpu, but according to the dashboard, you're running at 311mhz even when at 100%.

Supermule

4mbps attack and 40% packetloss.

Netstat -L doesnt see any exhaustion of queues.

Anybody know how to change the backlog to 1024??

Just to see if it matters.

Supermule

Here is the output of vmstat -z

Anybody find something unusual in this?