[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ipf x86 max concurrent-are interrupts the limitation?
>what does the output from "ipfstat -s" (just the stats, not the list of
>active connections) say ?
Thanks for your responses guys.
Some of this may sound ignorant so I appreciate your patience.
Details below:
------------------------------------------
here is ipfstat -s output for 1000 users:
IP states added:
48312 TCP
18 UDP
0 ICMP
2794186209 hits
93235181 misses
0 maximum
0 no memory
1027 bkts in use
1027 active
18 expired
47285 closed
top shows interrupts at ~15%
-----------------------------------------
-----------------------------------------
here is ipfstat -s output for 1450 users:
IP states added:
53307 TCP
18 UDP
0 ICMP
2799410841 hits
93248104 misses
0 maximum
0 no memory
1637 bkts in use
1637 active
18 expired
51670 closed
top shows interrupts at ~90%
----------------------------------------
at 1500 users the obsd box becomes unresponsive
-------------------------------------------
Note: you may notice the small number of expired states w/ ipfstat -s, as
did I. I asked about this earlier on the both the obsd misc and ipf lists
but never got any response. I think the counter is broken perhaps? I can
see the states expiring w/ ipmon -o S but ipfstat -s never seems to rarely
be updated w/ expired states. I don't think
that vmstat -m shows balooning memory usage:
Type InUse MemUse HighUse Limit Requests Limit Limit Size(s)
mbuf 632 91K 122K 39322K-1296257454 0 0 128,16384
Memory Totals: In Use Free Requests
5768K 1342K -1293584713
---------------------------------------------
Here are my mods to 2.9 Generic kernel:
option NMBCLUSTERS=10240
option IPSTATE_SIZE=64997
option IPSTATE_MAX=45499
option NKMEMCLUSTERS=16384
option MAX_KMAP=200
option MAX_KMAPENT=8000
option NBUF=16384
-------------------------------------------
Here are my direct mods to ip_state.c:
I changed idle timeout from 5 days to 6 hours.
I changed halfclosed timeout from 2 hours to 30 minutes.
#define FIVE_DAYS (43200)
fr_tcphalfclosed = 1 * 1 * 3600
---------------------------------------------
Here are my mods to ip_nat.h:
#define LARGE_NAT
#define NAT_SIZE 8191
#define RDR_SIZE 8191
#define NAT_TABLE_SZ 262143
#define HOSTMAP_SIZE 32767
---------------------------------------------
Here are some details about my setup:
I am using MS Web stress tool on 3 client machines to simulate users. These
users are simply doing 1 HTTP GET for a 1.3Mb file. I can verify w/ various
utils that the correct number of connections is being made to the obsd box.
I am quite sure that the client machines are capable of making large numbers
of connections. They are all duel 1Ghz P3
boxes w/ 1Gb RAM and Intel 100Mbit cards running win2k.
I am going through my obsd/ipf box to 2 win2k advanced server iis boxes that
are all duel p3 866, 1GB ram, Intel nics. I am using rdr port 80 and round
robin to these boxes with ipf. The boxes show now disk activity so I assume
this file is being served out of RAM.
I don't think the problem is with ipf ruleset as the interrupt usage results
are identical whether I use my full ruleset or "pass in from any to any,
pass out from any to any".
I am operating under the possibly incorrect assumption that even if my web
servers fell over as I push the connections up, the ipf box should remain
responsive. Is this a correct assumption or could improper behaviour of the
web servers cause the interrupt usage to skyrocket? I would appreciate any
suggestions on how to correctly stress test my ipf
setup for max concurrent connections.
Thanks very much for your time.
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp