[ previous ] [ next ] [ threads ]
 
 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Performance difference between 1.235 and 1.3b15
 Date:  Sat, 15 Nov 2008 09:07:26 +0000 
Hi,

In message
<d64aa1760811141708i32897d9fj34e3cb36bd92fc58 at mail dot gmail dot com>, Chris
Buechler <cbuechler at gmail dot com> writes
>On Fri, Nov 14, 2008 at 2:24 PM, Nicolai Scheer <scope at planetavent dot de> wrote:
>>
>> I share your experience. When using m0n0 1.2 on my WRAP (233MHz),
>> everything was fine. After I switched to 1.3, I could not even reach the
>> web interface when under heavy traffic (traffic was delivered in time,
>> though). I think this is due to FreeBSD 6 being more "hardware hungry".
>>
>
>This is likely different. Going from 1.2 to 1.3 you'll see your max
>throughput go from around 45 Mbps to about 25 Mbps on a WRAP. If
>you're pushing close to 25 Mbps, while you were fine previously, you
>don't have enough horsepower with 1.3.
>
>In Neil's case, the cause is likely that large packets are getting
>dropped somewhere. The client is sitting there waiting for the reply,
>which is likely being sent, just getting dropped somewhere for some
>reason. Eventually PMTUD does its thing and you get back the smaller
>packet size. There was a bug in FreeBSD 6.2 where MRU was forced to
>MTU, which caused problems with VLANs, but that was resolved in 6.3 so
>if you're using the latest beta that won't be the case. Could be
>something related to hardware VLAN tagging on the NICs.

Whilst searching around, I read that someone on an earlier 1.3 beta had
had problems with advanced outbound NAT where they'd have a performance
hit if they had a negated destination field - which I do (several
times)!

Hopefully sometime this weekend I'll get 1.3b15 on my test box and start
building the configuration from scratch and see if a basic configuration
suffers the same performance problem.

Is there a list of NICs that support hardware VLAN tagging for 1.3?  I
thought there was but last time I looked I couldn't find it!  Is there a
recommendation for a decent card?  There seems to be plenty of Intel
Pro/100 and Pro/100 S on eBay going at a sensible price!  Not sure if
the onboard 82558 supports VLAN tagging natively.

If the bare config has the same problem then I'll do a packet capture on
the LAN and WAN interfaces and try and compare the two and narrow down
the problem!

Many thanks,


                                Neil.

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk