Performance presentation, Des Moines Web Geeks

Matt Nuzum, the webmaster of ubuntu.com, invited me to speak at the Des Moines Web Geeks meeting last night. The venue, Impromptu Studios, was a bit hard to find. There were no signs for Impromptu Studios, but after lurking in dark alleyways for a while I eventually discovered what should have been obvious from the beginning: enter the furniture store with the "Closed" sign on the front and go up the stairs past the disused lavatory with a sign on the door saying "Beware of the Leopard."

The group was great and we talked for about an hour and a half about bottlenecks and optimization. I even went home with a Django book!

Since this was a diverse group I tried to talk about things that everyone has to deal with (bottlenecks for storage, network, memory and CPU) rather than anything Drupal-specific.

As promised, last night's slides: Performance, Scalability on the Server Side (PDF, 1MB).

[ Submitted by John on Tue, 2009-09-22 09:07. ]

Watching traffic on FreeBSD

Ben Wong at MostlyGeek pointed out that a great way to watch traffic on FreeBSD is the command systat -ifstat 1, which shows:

                    /0   /1   /2   /3   /4   /5   /6   /7   /8   /9   /10
     Load Average   ||   

      Interface           Traffic               Peak                Total


            lo0  in      0.000 KB/s          0.000 KB/s            4.122 MB
                 out     0.000 KB/s          0.000 KB/s            4.122 MB

           bge0  in      6.181 KB/s         36.944 KB/s            1.666 GB
                 out   110.521 KB/s        670.040 KB/s            3.444 GB

[ Submitted by John on Fri, 2007-11-02 10:53. ]

Transparent bridging firewall

I had occasion today to set up a transparent bridging firewall. It's basically a computer that sits on the wire and silently drops packets matching certain rules.

In my case I wanted to restrict traffic to certain subnets without disturbing anything. So I took a Pentium Pro-based HP Vectra (I'm telling you, those old HPs never die!) and put in two PCI-based Ethernet cards, an Intel card and a trusty 3Com 905. It was nice that I had two different cards lying around, since they can be easily identified within FreeBSD by their separate interfaces (fxp0 and xl0, respectively). I installed FreeBSD 6.2 from a CD with minimal settings -- in particular, I declined to configure the network interface cards.

After install, I added the following line to /boot/loader.conf:

if_bridge_load="YES"

Added the following lines to /etc/rc.conf to force the two ethernet interfaces up and set up the bridge.

ifconfig_fxp0="up"
ifconfig_xl0="up"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm fxp0 addm xl0 up"
firewall_enable="YES"
firewall_type="/etc/rc.firewall.local"
firewall_quiet="YES"
firewall_logging="YES"

Added the following to /etc/sysctl.conf:

net.link.bridge.ipfw=1
net.link.bridge.ipfw_arp=0

Then I added ipfw rules to /etc/rc.firewall.local.
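
An added example of what such a rule file could look like (not the author's rules, which the post does not show). It assumes a protected subnet 192.0.2.0/24 and a single permitted subnet 198.51.100.0/24, both constructed documentation ranges, and rule numbers chosen for illustration; rules match on IP addresses only, not on interface or direction.

```conf
# /etc/rc.firewall.local -- constructed example ruleset for the bridge.
# Because firewall_type in rc.conf is a file path, this file is handed
# to ipfw directly: one command per line, without the leading "ipfw".
#
# Assumptions (not from the original post):
#   192.0.2.0/24     protected subnet on one side of the bridge
#   198.51.100.0/24  the only subnet allowed to talk to it

# Permitted subnet <-> protected subnet, both directions.
# The rules are stateless, so the return path needs its own rule.
add 1000 allow ip from 198.51.100.0/24 to 192.0.2.0/24
add 1010 allow ip from 192.0.2.0/24 to 198.51.100.0/24

# Any other IPv4 traffic to or from the protected subnet is dropped
# silently. "log" records the drop (firewall_logging="YES" in rc.conf
# turns logging on); logamount caps the entries written per rule.
add 1100 deny log logamount 50 ip from any to 192.0.2.0/24
add 1110 deny log logamount 50 ip from 192.0.2.0/24 to any

# Everything else crosses the bridge untouched, so the box stays
# invisible to traffic that is not being restricted. Without this
# rule, a kernel whose default rule (65535) is "deny" would drop all
# remaining bridged frames.
add 65000 allow ip from any to any
```

After the rules are loaded, ipfw -a list shows per-rule packet counters, which is a quick way to confirm that bridged traffic is actually reaching the ruleset.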

Note that I did not assign an IP address to either network card. That means the only way into the machine is through the console, and the only way to tell that it's there on the wire is to guess because response time is a tiny bit longer.

So far it looks like even a Pentium Pro is overkill.

[ Submitted by John on Mon, 2007-04-02 16:34. ]