Да у меня дефолтное значение этого параметра net.isr.direct=1. # 1. Network perfomance tunning # 1.1 Packet forwarding # 1.1.1 Enable packet forwarding between ifaces # Enable in rc.conf by option gateway_enable="YES" # net.inet.ip.forwarding=1 # 1.1.2 Enable flow-based IP forwarding (analog ip cef in Cisco IOS) net.inet.ip.fastforwarding=1 # 1.1.3 Increase the number of network mbufs (~70Mb phys. memory) # Use netstat -m for monitoring kern.ipc.nmbclusters=32768 # 1.1.4 Size of the listen queue for accepting new TCP connections # Use netstat -Lan for monitoring kern.ipc.somaxconn=4096 kern.ipc.maxsockets=204800 # 1.1.5 Other network buffering (local network-intensive application) net.local.stream.recvspace=65535 net.local.stream.sendspace=65535
# 1.2 Protocol spec. options # 1.2.1 Disable sending IP redirects (ICMP_REDIRECT) net.inet.ip.redirect=0 net.inet.icmp.drop_redirect=1 # 1.2.2 Drop SYN without RST on closed ports net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1 # 1.2.3 Maximum size of the IP input queue # Need much more on Gigabit Ethernet Connections (tune em-iface in loader.conf to use it) net.inet.ip.intr_queue_maxlen=5120 # 1.2.4 Disable forwarding packets without touching the TTL # net.inet.ip.stealth=0 # 1.2.5 Drop SYNFIN packets enable in rc.conf (needs option in kernel on 6.x)
# 1.3 Dummynet settings # 1.3.1 Enable fast dummynet operation mode (needs FreeBSD 7.1 and above) # net.inet.ip.dummynet.io_fast=1 # 1.3.2 Will paccket exit from IPFW after dummynet/netgraph/pf? # net.inet.ip.fw.one_pass=0 # 1.3.3 Default size of the hash table used for dynamic pipes/queues. net.inet.ip.dummynet.hash_size=512 # 1.3.4 Target value for the maximum number of pipes/queues in a hash bucket. net.inet.ip.dummynet.max_chain_len=32 # 1.3.5 The number of buckets in the hash table for dynamic(keep-state) rules. net.inet.ip.fw.dyn_buckets=1024
# 2. Hardware perfomance tunning # 2.1 Using delayed interrupts on em(4) ifaces - use carefully # Default values # dev.em.2.rx_int_delay: 0 # dev.em.2.tx_int_delay: 66 # dev.em.2.rx_abs_int_delay: 66 # dev.em.2.tx_abs_int_delay: 66 # Current values: dev.em.0.rx_int_delay=600 dev.em.0.tx_int_delay=600 dev.em.0.rx_abs_int_delay=1000 dev.em.0.tx_abs_int_delay=1000 dev.em.0.rx_processing_limit=1024 ...
А использование netgraph никак не может влиять на рост данного параметра, то есть не будет ли рости этот параметр из-за использования связки "прослойки" ng_ipfw? У меня ~540 нод ng_car для шейпинга абонентов.
no subject
# 1. Network perfomance tunning
# 1.1 Packet forwarding
# 1.1.1 Enable packet forwarding between ifaces
# Enable in rc.conf by option gateway_enable="YES"
# net.inet.ip.forwarding=1
# 1.1.2 Enable flow-based IP forwarding (analog ip cef in Cisco IOS)
net.inet.ip.fastforwarding=1
# 1.1.3 Increase the number of network mbufs (~70Mb phys. memory)
# Use netstat -m for monitoring
kern.ipc.nmbclusters=32768
# 1.1.4 Size of the listen queue for accepting new TCP connections
# Use netstat -Lan for monitoring
kern.ipc.somaxconn=4096
kern.ipc.maxsockets=204800
# 1.1.5 Other network buffering (local network-intensive application)
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535
# 1.2 Protocol spec. options
# 1.2.1 Disable sending IP redirects (ICMP_REDIRECT)
net.inet.ip.redirect=0
net.inet.icmp.drop_redirect=1
# 1.2.2 Drop SYN without RST on closed ports
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
# 1.2.3 Maximum size of the IP input queue
# Need much more on Gigabit Ethernet Connections (tune em-iface in loader.conf to use it)
net.inet.ip.intr_queue_maxlen=5120
# 1.2.4 Disable forwarding packets without touching the TTL
# net.inet.ip.stealth=0
# 1.2.5 Drop SYNFIN packets enable in rc.conf (needs option in kernel on 6.x)
# 1.3 Dummynet settings
# 1.3.1 Enable fast dummynet operation mode (needs FreeBSD 7.1 and above)
# net.inet.ip.dummynet.io_fast=1
# 1.3.2 Will paccket exit from IPFW after dummynet/netgraph/pf?
# net.inet.ip.fw.one_pass=0
# 1.3.3 Default size of the hash table used for dynamic pipes/queues.
net.inet.ip.dummynet.hash_size=512
# 1.3.4 Target value for the maximum number of pipes/queues in a hash bucket.
net.inet.ip.dummynet.max_chain_len=32
# 1.3.5 The number of buckets in the hash table for dynamic(keep-state) rules.
net.inet.ip.fw.dyn_buckets=1024
# 1.4 Netgraph setting
net.graph.recvspace=40960
net.graph.maxdgram=40960
# 2. Hardware perfomance tunning
# 2.1 Using delayed interrupts on em(4) ifaces - use carefully
# Default values
# dev.em.2.rx_int_delay: 0
# dev.em.2.tx_int_delay: 66
# dev.em.2.rx_abs_int_delay: 66
# dev.em.2.tx_abs_int_delay: 66
# Current values:
dev.em.0.rx_int_delay=600
dev.em.0.tx_int_delay=600
dev.em.0.rx_abs_int_delay=1000
dev.em.0.tx_abs_int_delay=1000
dev.em.0.rx_processing_limit=1024
...
А использование netgraph никак не может влиять на рост данного параметра, то есть не будет ли рости этот параметр из-за использования связки "прослойки" ng_ipfw?
У меня ~540 нод ng_car для шейпинга абонентов.
P.S> За английский простите :)