Перейти к содержимому
Калькуляторы

savago

Пользователи
  • Публикации

    12
  • Зарегистрирован

  • Посещение

О savago

  • Звание
    Абитуриент
  • День рождения 10.03.1977

Контакты

  • Сайт
    http://www.rootshells.eu
  • ICQ
    363117414

Информация

  • Пол
    Мужчина
  • Интересы
    openbsd/freesbd

Город

  • Город
    България
  1. У меня так получается 2015-04-23 16:30:41,929 [iNFO] We haven't template for flowset_id: 257 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:30:42,933 [iNFO] We haven't template for flowset_id: 257 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:30:43,936 [iNFO] We haven't template for flowset_id: 257 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:30:44,936 [iNFO] We haven't template for flowset_id: 257 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:30:45,937 [iNFO] We haven't template for flowset_id: 257 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:30:45,937 [iNFO] We haven't template for flowset_id: 257 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:30:46,937 [iNFO] We haven't template for flowset_id: 257 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:30:47,937 [iNFO] We haven't template for flowset_id: 257 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:30:47,937 [iNFO] I received netflow v9 options flowset id but I haven't support for it 2015-04-23 16:30:47,937 [iNFO] We haven't template for flowset_id: 256 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:31:48,075 [iNFO] I received netflow v9 options flowset id but I haven't support for it 2015-04-23 16:31:48,075 [iNFO] We haven't template for flowset_id: 256 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:32:49,330 [iNFO] I received netflow v9 options flowset id but I haven't support for it 2015-04-23 16:32:49,330 [iNFO] We haven't template for flowset_id: 256 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:33:48,471 [iNFO] I received netflow v9 options flowset id but I haven't support for it 2015-04-23 16:33:48,471 [iNFO] We haven't template for flowset_id: 256 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:34:49,612 [iNFO] I received netflow v9 options flowset id but I haven't support for it 2015-04-23 16:34:49,612 [iNFO] We haven't template for flowset_id: 256 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:35:48,754 [iNFO] I received netflow v9 options flowset id but I haven't support for it 2015-04-23 16:35:48,755 [iNFO] We haven't template for flowset_id: 256 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:36:48,968 [iNFO] I received netflow v9 options flowset id but I haven't support for it 2015-04-23 16:36:48,968 [iNFO] We haven't template for flowset_id: 256 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:37:49,085 [iNFO] I received netflow v9 options flowset id but I haven't support for it 2015-04-23 16:37:49,085 [iNFO] We haven't template for flowset_id: 256 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:38:49,205 [iNFO] I received netflow v9 options flowset id but I haven't support for it 2015-04-23 16:38:49,206 [iNFO] We haven't template for flowset_id: 256 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:39:49,450 [iNFO] I received netflow v9 options flowset id but I haven't support for it 2015-04-23 16:39:49,450 [iNFO] We haven't template for flowset_id: 256 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:40:49,589 [iNFO] I received netflow v9 options flowset id but I haven't support for it 2015-04-23 16:40:49,589 [iNFO] We haven't template for flowset_id: 256 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:41:49,761 [iNFO] I received netflow v9 options flowset id but I haven't support for it 2015-04-23 16:41:49,761 [iNFO] We haven't template for flowset_id: 256 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:42:49,715 [iNFO] I received netflow v9 options flowset id but I haven't support for it 2015-04-23 16:42:49,715 [iNFO] We haven't template for flowset_id: 256 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it! 2015-04-23 16:43:49,847 [iNFO] I received netflow v9 options flowset id but I haven't support for it 2015-04-23 16:43:49,847 [iNFO] We haven't template for flowset_id: 256 but it's not an error if this message go away in 5-10 seconds. We need some time to learn it!
  2. Dummynet Tuning

    http://www.freebsd.org/cgi/man.cgi?query=dummynet&apropos=0&sektion=4&manpath=FreeBSD+8.2-RELEASE&arch=default&format=html options HZ=1000 # strongly recommended ( разбираем не менше ) Additionally, one may want to increase the number of mbuf clusters (used to store network packets) according to the sum of the bandwidth-delay products and queue sizes of all configured pipes. http://info.iet.unipi.it/~luigi/ip_dummynet/original.html "Also note that all delays are approximated with a granularity of 1/HZ seconds (HZ is typically 100, but we suggest using HZ=1000 and maybe even larger values)." > > As a rule of thumb, to make sure that drops are not caused > by short queues, you should set the queue size to 1/HZ seconds > worth of data -- at HZ=1000 and 1Gbit/s this means 128Kbytes. > Note that after the dummynet queue, there might be some other > queue that saturates. As an example, when using the box as a router, > packets go in bursts to the output interface, and the burst can > be as large as 1500 packets per tick on a fully saturated Gig-E > (the interface's queue ranges normally between 128 and 1024 slots). > The only fix for this is probably using higher values of HZ. > > chers > luigi У вас intel moderate карточки,нагрузка на сервера перейти на карточки как interrupts :) Увеличите kern.ipc.nmbclusters=524288,у вас ест некоторые буфера переполен. Даите увидем vmstat -z | egrep -i 'item|netg' Сколка рам на ето сервера ?
  3. Dummynet Tuning

    Дай так: vmstat -z | grep -v 0\$ netstat -id|grep ^igb netstat -id|grep ^ix sysctl -a net.inet.ip Попробайе увеличите как подсказали kern.hz=4000 или 8000 В час пик попрабали из клиент сторона ест дроп/лаг и кокие скорости держит тарифе ?
  4. Dummynet Tuning

    Дай увидем : netstat -s output | grep drop netstat -s|fgrep fragment vmstat -z|egrep 'ITEM|mbuf' systat -vmstat 1 netstat -m netstat -id ipfw pipe show
  5. Pentium

    Нет.Для сравнения.
  6. Сколко трафик/пакета держит такоя машина у вас ? Сколко трафик/пакета можно стабилно удержит машина с такое цпу. У меня такой бох держи 350-400М / ~40-4xК pps в посоке (~650/7xx users). 8.1-RELEASE-p5 sysctl -a | egrep -i 'hw.machine|hw.model|hw.ncpu' hw.machine: i386 hw.model: Intel(R) Pentium(R) D CPU 3.00GHz hw.ncpu: 2 hw.machine_arch: i386 em0@pci0:1:0:0: class=0x020000 card=0xa01f8086 chip=0x10d38086 rev=0x00 hdr=0x00 vendor = 'Intel Corporation' device = 'Intel 82574L Gigabit Ethernet Controller (82574L)' class = network subclass = ethernet em1@pci0:2:0:0: class=0x020000 card=0xa01f8086 chip=0x10d38086 rev=0x00 hdr=0x00 vendor = 'Intel Corporation' device = 'Intel 82574L Gigabit Ethernet Controller (82574L)' class = network subclass = ethernet CPU 0: 0.0% user, 0.0% nice, 0.4% system, 24.5% interrupt, 75.1% idle CPU 1: 0.0% user, 0.0% nice, 1.9% system, 25.2% interrupt, 72.9% idle Mem: 19M Active, 254M Inact, 196M Wired, 20K Cache, 112M Buf, 1520M Free Swap: 4043M Total, 4043M Free PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 11 root 171 ki31 0K 16K CPU1 1 174.3H 74.37% {idle: cpu1} 11 root 171 ki31 0K 16K RUN 0 175.2H 74.17% {idle: cpu0} 12 root -68 - 0K 192K WAIT 0 31.3H 23.00% {irq256: em0} 12 root -68 - 0K 192K WAIT 1 32.4H 21.19% {irq261: em1} 12 root -68 - 0K 192K WAIT 0 235:22 3.08% {irq262: em1} 12 root -68 - 0K 192K WAIT 1 225:03 2.59% {irq257: em0} 0 root -68 0 0K 136K - 1 94:33 0.68% {em1 txq} 0 root -68 0 0K 136K - 0 73:46 0.29% {em0 txq} 12 root -32 - 0K 192K WAIT 0 66:24 0.10% {swi4: clock} netstat -hw1 -I em1 input (em1) output packets errs idrops bytes packets errs bytes colls 22K 0 0 14M 28K 0 27M 0 23K 0 0 14M 29K 0 28M 0 23K 0 0 14M 28K 0 27M 0 22K 0 0 13M 28K 0 26M 0 21K 0 0 14M 27K 0 25M 0 22K 0 0 13M 27K 0 26M 0 22K 0 0 14M 28K 0 26M 0 23K 0 0 14M 27K 0 25M 0
  7. @Ilya А попробовал ли ipfw nat ? Каки трафици/пакети у тебя и на какое железо/драйвер тестировал. pf плохо распределяет нагрузку у меня. Когда я юзал,ipfw nat работал болше леько и быстро как пфнат. Сначало поллинг помогал но когда трафика выростил 3хх/м лаг и дроп пояивился ( на BCM5721). Убрал поллинг,интел картички 82574L поставил и проблем решил. @Dyr Можно попробоеш с аласи но там долго будеш писат,кривая работа будет.
  8. @ex-transfer ipfw nat,ng_nat очен лехко работоет в сравнение с пф нат.пф на фрее тежолое работоет,ето не опенбсд.Но пф/нат болше функционал. У меня ето плохая машина (гигадерево) на ~6xx усера и 3хх/М #options INET6 # IPv6 communications protocols #options SCTP # Stream Control Transmission Protocol #options FLOWTABLE ########## IPFW/Dummynet options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=0 options IPFIREWALL_FORWARD options IPFIREWALL_DEFAULT_TO_ACCEPT options IPFIREWALL_NAT options LIBALIAS options DUMMYNET options ROUTETABLES=8 options SW_WATCHDOG #options ZERO_COPY_SOCKETS options NETGRAPH options NETGRAPH_BPF options NETGRAPH_IFACE options NETGRAPH_KSOCKET options NETGRAPH_IPFW options NETGRAPH_SOCKET options NETGRAPH_NETFLOW options NETGRAPH_ETHER options NETGRAPH_NAT options NETGRAPH_TEE options NETGRAPH_CAR options NETGRAPH_SPLIT #options NETGRAPH_PPPOE #options NETGRAPH_PPP #options NETGRAPH_PPTPGRE #options NETGRAPH_L2TP #options NETGRAPH_MPPC_ENCRYPTION #options NETGRAPH_TCPMSS #options NETGRAPH_CISCO #options NETGRAPH_ECHO #options NETGRAPH_FRAME_RELAY #options NETGRAPH_HOLE #options NETGRAPH_LMI #options NETGRAPH_RFC1490 #options NETGRAPH_TTY #options NETGRAPH_ASYNC #options NETGRAPH_UI #options NETGRAPH_VJC # vlan device vlan # lagg device lagg [/core# sysctl -a | egrep -i 'hw.machine|hw.model|hw.ncpu' hw.machine: i386 hw.model: Intel(R) Pentium(R) D CPU 3.00GHz hw.ncpu: 2 hw.machine_arch: i386 core# top -SPH 91 processes: 4 running, 64 sleeping, 23 waiting CPU 0: 0.0% user, 0.0% nice, 1.1% system, 31.5% interrupt, 67.4% idle CPU 1: 0.0% user, 0.0% nice, 1.1% system, 29.6% interrupt, 69.3% idle Mem: 19M Active, 298M Inact, 189M Wired, 32K Cache, 112M Buf, 1483M Free Swap: 4043M Total, 4043M Free PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 11 root 171 ki31 0K 16K RUN 1 171.6H 75.88% {idle: cpu1} 11 root 171 ki31 0K 16K RUN 0 172.8H 72.85% {idle: cpu0} 12 root -68 - 0K 192K WAIT 1 32.9H 25.59% {irq261: em1} 12 root -68 - 0K 192K CPU0 0 31.3H 24.27% {irq256: em0} 12 root -68 - 0K 192K WAIT 0 230:12 3.08% {irq262: em1} 12 root -68 - 0K 192K WAIT 1 223:49 2.78% {irq257: em0} 0 root -68 0 0K 136K - 1 91:22 0.39% {em1 txq} 0 root -68 0 0K 136K - 0 74:08 0.29% {em0 txq} 12 root -32 - 0K 192K WAIT 0 66:05 0.00% {swi4: clock} @Dyr Я незнаю ето,никогда не попробовал. У меня нат на аккцесах а там линукси.
  9. перейти на ipfw nat/ng_nat.очень помогает.
  10. Убери kern.hz="4000" vmstat -z|egrep 'ITEM|mbuf' systat -vmstat 1 netstat -m
  11. Забраните исходящие на tcp/25 . Как сказали ,многие сервисы имеют альтернативные порты для отправки с авторизацией.
  12. Disable hyperthreading. devd_enable="NO" in /etc/rc.conf and in /etc/syctl.conf kern.random.sys.harvest.ethernet=0 давай увидем sysctl.conf,loader.conf,kernconf п.с попробаи так с ядро #options INET6 # IPv6 communications protocols #options SCTP # Stream Control Transmission Protocol #options FLOWTABLE # per-cpu routing cache