We've made changes, and are still having issues - do you think using
squid3, changing our values, setting squid to run directly on port 80
(instead of ipfw redirecting 80 to 3128), or running Linux would solve
the problems (this is on FreeBSD 6.2)?
The main log messages we're getting are "httpReadReply: Excess data
from" and "httpReadReply: Request not yet fully sent".
Here's our changes:
Kernel:
Removed the NET_WITH_GIANT option, since aio supposedly works fine
without it (this was turned on before)
Added DEVICE_POLLING, which uses the interface polling method instead of
standard interrupt routines for network interfaces
added these to /etc/sysctl.conf:
net.inet.tcp.rfc1323=0
net.inet.tcp.mssdflt=1460
net.inet.tcp.slowstart_flightsize=27
net.inet.tcp.hostcache.expire=3900
kern.polling.burst_max=1000
kern.polling.idle_poll=0
kern.polling.each_burst=50
added these to /boot/loader.conf (for increasing the host cache table)
net.inet.tcp.tcbhashsize="4096"
net.inet.tcp.hostcache.hashsize="1024"
the MTU for the GRE interfaces is set to 1514 in the rc.gre script
polling is turned on in /etc/rc.conf for the em0 interface
Ryan Thoryk
System Administrator
onShore Networks, LLC
Ryan Thoryk wrote:
One thing I found was that the MTU of the GRE interfaces was different
than the MTU on the routers. I fixed that and am currently testing it.
Adrian Chadd wrote:
What you want to do is try and find a tcpdump capture for the broken
HTTP flows.
I'd make sure window scaling is disabled, ECN is disabled and I'd
change the default route TCP MSS to be < 1500 (say, 1400 or 1300.)
Make sure if you use GRE then the route GRE is using is 1500. :)
(I'm playing around with tproxy at home and I'm having slow loading
issues;
I have a feeling I'm seeing PMTU related issues. Hm.)
Adrian
