27th October 2011
jggimi

Nothing jumps out at me from netstat as an obvious problem.

I found a pf.conf you posted here a year ago. I don't know how much of this is still configured this way:
Code:
set optimization normal
This optimization is the default setting, so the line is not necessary. It affects state timeouts.
Code:
match log on $ext_if all scrub (random-id min-ttl 254 set-tos lowdelay reassemble tcp max-mss 1460)
In your scrub settings:
  • I don't understand why you set a high minimum IP TTL, though I don't think this, by itself, will have a performance effect. Do you need this because of the impact of your TOS enforcement?
  • The Type-Of-Service enforcement you are setting might be affecting performance, as routers upstream of you will handle packets with TOS bits set differently than "normal" packets. In this case, you are requesting packets be routed via the lowest-latency routes, but such routes may not be the most direct.
Have you looked at pfctl interface statistics?