
rdr - problem with 10000 connections

I've set up a router on OpenBSD 3.7:
$ uname -v
On this router I've run the following pf.conf rules:
ext_if="em0" # external device
int_if="em1" #internal device
rdr on $ext_if proto tcp from any to $ext_addr port 80 -> $web_servers port 80
It runs well, but only if there are not so many connections to this web server.
But when I make many connections (I'm using: ab -n 10000 -c 100 to this machine, connection to it
doing telnet localhost 80 on the web server works fine. Telnet from the router
to the web server on port 80 hangs.
When running pfctl -ss | wc -l on the router, I get 10000 at the moment
when I can't connect to the web server, but if there are fewer than 10000
connections to WWW, it works fine.
netstat -m shows me:
520 mbufs in use:
        513 mbufs allocated to data
        3 mbufs allocated to packet headers
        4 mbufs allocated to socket names and addresses
512/608/6144 mbuf clusters in use (current/peak/max)
1380 Kbytes allocated to network (83% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
from top:
load averages:  0.20,  0.11,  0.09
28 processes:  27 idle, 1 on processor
CPU states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
Memory: Real: 10M/60M act/tot  Free: 438M  Swap: 0K/1000M used/tot
# vmstat
 procs   memory        page                    disks     traps         cpu
 r b w    avm    fre   flt  re  pi  po  fr  sr cd0 wd0  int   sys   cs us sy id
 0 0 0  10356 448676   168   0   0   0   0   0   0   0 1347   945   16  0  2 97
First I thought that it could be a problem on this web server, so I've
done such an ab test without the router - it works great, it can handle more
than 600 parallel connections. All tests ended very quickly with only 66
failed requests. So it can't be the web server.
Any ideas? Thanks!
Best Regards,