tuning.7 revision 87504
.hlm 0
.\" Copyright (c) 2001, Matthew Dillon. Terms and conditions are those of
.\" the BSD Copyright as specified in the file "/usr/src/COPYRIGHT" in
.\" the source tree.
.\"
.\" $FreeBSD: head/share/man/man7/tuning.7 87504 2001-12-07 18:02:16Z rwatson $
.\"
.Dd May 25, 2001
.Dt TUNING 7
.Os
.Sh NAME
.Nm tuning
.Nd performance tuning under FreeBSD
.Sh SYSTEM SETUP - DISKLABEL, NEWFS, TUNEFS, SWAP
When using
.Xr disklabel 8
to lay out your filesystems on a hard disk it is important to remember
that hard drives can transfer data much more quickly from outer tracks
than they can from inner tracks.
To take advantage of this you should
try to pack your smaller filesystems and swap closer to the outer tracks,
follow with the larger filesystems, and end with the largest filesystems.
It is also important to size system standard filesystems such that you
will not be forced to resize them later as you scale the machine up.
I usually create, in order, a 128M root, 1G swap, 128M
.Pa /var ,
128M
.Pa /var/tmp ,
3G
.Pa /usr ,
and use any remaining space for
.Pa /home .
.Pp
You should typically size your swap space to approximately 2x main memory.
If you do not have a lot of RAM, though, you will generally want a lot
more swap.
It is not recommended that you configure any less than
256M of swap on a system and you should keep in mind future memory
expansion when sizing the swap partition.
The kernel's VM paging algorithms are tuned to perform best when there is
at least 2x swap versus main memory.
Configuring too little swap can lead
to inefficiencies in the VM page scanning code as well as create issues
later on if you add more memory to your machine.
Finally, on larger systems
with multiple SCSI disks (or multiple IDE disks operating on different
controllers), we strongly recommend that you configure swap on each drive
(up to four drives).
The swap partitions on the drives should be approximately the same size.
The kernel can handle arbitrary sizes but
internal data structures scale to 4 times the largest swap partition.
Keeping
the swap partitions near the same size will allow the kernel to optimally
stripe swap space across the N disks.
Don't worry about overdoing it a
little, swap space is the saving grace of
.Ux
and even if you don't normally use much swap, it can give you more time to
recover from a runaway program before being forced to reboot.
.Pp
How you size your
.Pa /var
partition depends heavily on what you intend to use the machine for.
This
partition is primarily used to hold mailboxes, the print spool, and log
files.
Some people even make
.Pa /var/log
its own partition (but except for extreme cases it isn't worth the waste
of a partition ID).
If your machine is intended to act as a mail
or print server,
or you are running a heavily visited web server, you should consider
creating a much larger partition \(en perhaps a gig or more.
It is very easy
to underestimate log file storage requirements.
.Pp
Sizing
.Pa /var/tmp
depends on the kind of temporary file usage you think you will need.
128M is
the minimum we recommend.
Also note that sysinstall will create a
.Pa /tmp
directory, but it is usually a good idea to make
.Pa /tmp
a softlink to
.Pa /var/tmp
after the fact.
Dedicating a partition for temporary file storage is important for
two reasons: first, it reduces the possibility of filesystem corruption
in a crash, and second it reduces the chance of a runaway process that
fills up
.Oo Pa /var Oc Ns Pa /tmp
from blowing up more critical subsystems (mail,
logging, etc).
Filling up
.Oo Pa /var Oc Ns Pa /tmp
is a very common problem to have.
.Pp
In the old days there were differences between
.Pa /tmp
and
.Pa /var/tmp ,
but the introduction of
.Pa /var
(and
.Pa /var/tmp )
led to massive confusion
by program writers so today programs haphazardly use one or the
other and thus no real distinction can be made between the two.
So it makes sense to have just one temporary directory.
However you handle
.Pa /tmp ,
the one thing you do not want to do is leave it sitting
on the root partition where it might cause root to fill up or possibly
corrupt root in a crash/reboot situation.
.Pp
The
.Pa /usr
partition holds the bulk of the files required to support the system and
a subdirectory within it called
.Pa /usr/local
holds the bulk of the files installed from the
.Xr ports 7
hierarchy.
If you do not use ports all that much and do not intend to keep
system source
.Pq Pa /usr/src
on the machine, you can get away with
a 1 gigabyte
.Pa /usr
partition.
However, if you install a lot of ports
(especially window managers and linux-emulated binaries), we recommend
at least a 2 gigabyte
.Pa /usr
and if you also intend to keep system source
on the machine, we recommend a 3 gigabyte
.Pa /usr .
Do not underestimate the
amount of space you will need in this partition, it can creep up and
surprise you!
.Pp
The
.Pa /home
partition is typically used to hold user-specific data.
I usually size it to the remainder of the disk.
.Pp
Why partition at all?
Why not create one big
.Pa /
partition and be done with it?
Then I don't have to worry about undersizing things!
Well, there are several reasons this isn't a good idea.
First,
each partition has different operational characteristics and separating them
allows the filesystem to tune itself to those characteristics.
For example,
the root and
.Pa /usr
partitions are read-mostly, with very little writing, while
a lot of reading and writing could occur in
.Pa /var
and
.Pa /var/tmp .
By properly
partitioning your system, fragmentation introduced in the smaller more
heavily write-loaded partitions will not bleed over into the mostly-read
partitions.
Additionally, keeping the write-loaded partitions closer to
the edge of the disk (i.e. before the really big partitions instead of after
in the partition table) will increase I/O performance in the partitions
where you need it the most.
Now it is true that you might also need I/O
performance in the larger partitions, but they are so large that shifting
them more towards the edge of the disk will not lead to a significant
performance improvement whereas moving
.Pa /var
to the edge can have a huge impact.
Finally, there are safety concerns.
Having a small neat root partition that
is essentially read-only gives it a greater chance of surviving a bad crash
intact.
.Pp
Properly partitioning your system also allows you to tune
.Xr newfs 8 ,
and
.Xr tunefs 8
parameters.
Tuning
.Xr newfs 8
requires more experience but can lead to significant improvements in
performance.
There are three parameters that are relatively safe to tune:
.Em blocksize , bytes/inode ,
and
.Em cylinders/group .
.Pp
.Fx
performs best when using 8K or 16K filesystem block sizes.
The default filesystem block size is 8K.
For larger partitions it is usually a good
idea to use a 16K block size.
This also requires you to specify a larger
fragment size.
We recommend always using a fragment size that is 1/8
the block size (less testing has been done on other fragment size factors).
The
.Xr newfs 8
options for this would be
.Dq Li "newfs -f 2048 -b 16384 ..." .
Using a larger block size can cause fragmentation of the buffer cache and
lead to lower performance.
.Pp
If a large partition is intended to be used to hold fewer, larger files, such
as database files, you can increase the
.Em bytes/inode
ratio which reduces the number of inodes (maximum number of files and
directories that can be created) for that partition.
Decreasing the number
of inodes in a filesystem can greatly reduce
.Xr fsck 8
recovery times after a crash.
Do not use this option
unless you are actually storing large files on the partition, because if you
overcompensate you can wind up with a filesystem that has lots of free
space remaining but cannot accommodate any more files.
Using 32768, 65536, or 262144 bytes/inode is recommended.
You can go higher but
it will have only incremental effects on
.Xr fsck 8
recovery times.
For example,
.Dq Li "newfs -i 32768 ..." .
.Pp
Finally, increasing the
.Em cylinders/group
ratio has the effect of packing the inodes closer together.
This can increase directory performance and also decrease
.Xr fsck 8
times.
If you use this option at all, we recommend maxing it out.
Use
.Dq Li "newfs -c 999"
and
.Xr newfs 8
will error out and tell you what the maximum is, then use that.
.Pp
.Xr tunefs 8
may be used to further tune a filesystem.
This command can be run in
single-user mode without having to reformat the filesystem.
However, this is possibly the most abused program in the system.
Many people attempt to
increase available filesystem space by setting the min-free percentage to 0.
This can lead to severe filesystem fragmentation and we do not recommend
that you do this.
Really the only
.Xr tunefs 8
option worthwhile here is turning on
.Em softupdates
with
.Dq Li "tunefs -n enable /filesystem" .
(Note: in
.Fx
5.x
softupdates can be turned on using the
.Fl U
option to
.Xr newfs 8 ) .
Softupdates drastically improves meta-data performance, mainly file
creation and deletion.
We recommend enabling softupdates on all of your
filesystems.
There are two downsides to softupdates that you should be
aware of.
First, softupdates guarantees filesystem consistency in the
case of a crash but could very easily be several seconds (even a minute!)
behind updating the physical disk.
If you crash you may lose more work
than otherwise.
Secondly, softupdates delays the freeing of filesystem
blocks.
If you have a filesystem (such as the root filesystem) which is
close to full, doing a major update of it, e.g.\&
.Dq Li "make installworld" ,
can run it out of space and cause the update to fail.
.Pp
A number of run-time
.Xr mount 8
options exist that can help you tune the system.
The most obvious and most dangerous one is
.Cm async .
Don't ever use it, it is far too dangerous.
A less dangerous and more
useful
.Xr mount 8
option is called
.Cm noatime .
.Ux
filesystems normally update the last-accessed time of a file or
directory whenever it is accessed.
This operation is handled in
.Fx
with a delayed write and normally does not create a burden on the system.
However, if your system is accessing a huge number of files on a continuing
basis the buffer cache can wind up getting polluted with atime updates,
creating a burden on the system.
For example, if you are running a heavily
loaded web site, or a news server with lots of readers, you might want to
consider turning off atime updates on your larger partitions with this
.Xr mount 8
option.
However, you should not gratuitously turn off atime
updates everywhere.
For example, the
.Pa /var
filesystem customarily
holds mailboxes, and atime (in combination with mtime) is used to
determine whether a mailbox has new mail.
You might as well leave
atime turned on for mostly read-only partitions such as
.Pa /
and
.Pa /usr
as well.
This is especially useful for
.Pa /
since some system utilities
use the atime field for reporting.
.Sh STRIPING DISKS
In larger systems you can stripe partitions from several drives together
to create a much larger overall partition.
Striping can also improve
the performance of a filesystem by splitting I/O operations across two
or more disks.
The
.Xr vinum 8
and
.Xr ccdconfig 8
utilities may be used to create simple striped filesystems.
Generally
speaking, striping smaller partitions such as the root and
.Pa /var/tmp ,
or essentially read-only partitions such as
.Pa /usr
is a complete waste of time.
You should only stripe partitions that require serious I/O performance,
typically
.Pa /var , /home ,
or custom partitions used to hold databases and web pages.
Choosing the proper stripe size is also
important.
Filesystems tend to store meta-data on power-of-2 boundaries
and you usually want to reduce seeking rather than increase seeking.
This
means you want to use a large off-center stripe size such as 1152 sectors
so sequential I/O does not seek both disks and so meta-data is distributed
across both disks rather than concentrated on a single disk.
If
you really need to get sophisticated, we recommend using a real hardware
RAID controller from the list of
.Fx
supported controllers.
.Sh SYSCTL TUNING
There are several hundred
.Xr sysctl 8
variables in the system, including many that appear to be candidates for
tuning but actually aren't.
In this document we will only cover the ones
that have the greatest effect on the system.
.Pp
The
.Va kern.ipc.shm_use_phys
sysctl defaults to 0 (off) and may be set to 0 (off) or 1 (on).
Setting
this parameter to 1 will cause all System V shared memory segments to be
mapped to unpageable physical RAM.
This feature only has an effect if you
are either (A) mapping small amounts of shared memory across many (hundreds)
of processes, or (B) mapping large amounts of shared memory across any
number of processes.
This feature allows the kernel to remove a great deal
of internal memory management page-tracking overhead at the cost of wiring
the shared memory into core, making it unswappable.
.Pp
The
.Va vfs.vmiodirenable
sysctl defaults to 1 (on).
This parameter controls how directories are cached
by the system.
Most directories are small and use but a single fragment
(typically 1K) in the filesystem and even less (typically 512 bytes) in
the buffer cache.
However, when operating in the default mode the buffer
cache will only cache a fixed number of directories even if you have a huge
amount of memory.
Turning on this sysctl allows the buffer cache to use
the VM Page Cache to cache the directories.
The advantage is that all of
memory is now available for caching directories.
The disadvantage is that
the minimum in-core memory used to cache a directory is the physical page
size (typically 4K) rather than 512 bytes.
We recommend turning this option off in memory-constrained environments;
however, when on, it will substantially improve the performance of services
which manipulate large numbers of files.
Such services can include web caches, large mail systems, and news systems.
Turning on this option will generally not reduce performance even with the
wasted memory but you should experiment to find out.
.Pp
There are various buffer-cache and VM page cache related sysctls.
We do not recommend modifying those values.
As of
.Fx 4.3 ,
the VM system does an extremely good job tuning itself.
.Pp
The
.Va net.inet.tcp.sendspace
and
.Va net.inet.tcp.recvspace
sysctls are of particular interest if you are running network intensive
applications.
These control the amount of send and receive buffer space
allowed for any given TCP connection.
The default sending buffer is 32k; the default receiving buffer
is 64k.
You can often
improve bandwidth utilization by increasing the default at the cost of
eating up more kernel memory for each connection.
We do not recommend
increasing the defaults if you are serving hundreds or thousands of
simultaneous connections because it is possible to quickly run the system
out of memory due to stalled connections building up.
But if you need
high bandwidth over a fewer number of connections, especially if you have
gigabit ethernet, increasing these defaults can make a huge difference.
You can adjust the buffer size for incoming and outgoing data separately.
For example, if your machine is primarily doing web serving you may want
to decrease the recvspace in order to be able to increase the
sendspace without eating too much kernel memory.
Note that the routing table (see
.Xr route 8 )
can be used to introduce route-specific send and receive buffer size
defaults.
.Pp
As an additional management tool you can use pipes in your
firewall rules (see
.Xr ipfw 8 )
to limit the bandwidth going to or from particular IP blocks or ports.
For example, if you have a T1 you might want to limit your web traffic
to 70% of the T1's bandwidth in order to leave the remainder available
for mail and interactive use.
Normally a heavily loaded web server
will not introduce significant latencies into other services even if
the network link is maxed out, but enforcing a limit can smooth things
out and lead to longer term stability.
Many people also enforce artificial
bandwidth limitations in order to ensure that they are not charged for
using too much bandwidth.
.Pp
Setting the send or receive TCP buffer to values larger than 65535 will result
in only a marginal performance improvement unless both hosts support the window
scaling extension of the TCP protocol, which is controlled by the
.Va net.inet.tcp.rfc1323
sysctl.
These extensions should be enabled and the TCP buffer size should be set
to a value larger than 65536 in order to obtain good performance out of
certain types of network links; specifically, gigabit WAN links and
high-latency satellite links.
.Pp
The
.Va net.inet.tcp.always_keepalive
sysctl determines whether or not the TCP implementation should attempt
to detect dead TCP connections by intermittently delivering "keepalives"
on the connection.
By default, this is enabled for all applications; by setting this
sysctl to 0, only applications that specifically request keepalives
will use them.
In most environments, TCP keepalives will improve the management of
system state by expiring dead TCP connections, particularly for
systems serving dialup users who may not always terminate individual
TCP connections before disconnecting from the network.
However, in some environments, temporary network outages may be
incorrectly identified as dead sessions, resulting in unexpectedly
terminated TCP connections.
In such environments, setting the sysctl to 0 may reduce the occurrence of
TCP session disconnections.
.Pp
The
.Va kern.ipc.somaxconn
sysctl limits the size of the listen queue for accepting new TCP connections.
The default value of 128 is typically too low for robust handling of new
connections in a heavily loaded web server environment.
For such environments,
we recommend increasing this value to 1024 or higher.
The service daemon
may itself limit the listen queue size (e.g.\&
.Xr sendmail 8 ,
apache) but will
often have a directive in its configuration file to adjust the queue size up.
Larger listen queues also do a better job of fending off denial of service
attacks.
.Pp
The
.Va kern.maxfiles
sysctl determines how many open files the system supports.
The default is
typically a few thousand but you may need to bump this up to ten or twenty
thousand if you are running databases or large descriptor-heavy daemons.
The read-only
.Va kern.openfiles
sysctl may be interrogated to determine the current number of open files
on the system.
.Pp
The
.Va vm.swap_idle_enabled
sysctl is useful in large multi-user systems where you have lots of users
entering and leaving the system and lots of idle processes.
Such systems
tend to generate a great deal of continuous pressure on free memory reserves.
Turning this feature on and adjusting the swapout hysteresis (in idle
seconds) via
.Va vm.swap_idle_threshold1
and
.Va vm.swap_idle_threshold2
allows you to depress the priority of pages associated with idle processes
more quickly than the normal pageout algorithm.
This gives a helping hand
to the pageout daemon.
Do not turn this option on unless you need it,
because the tradeoff you are making is to essentially pre-page memory sooner
rather than later, eating more swap and disk bandwidth.
In a small system
this option will have a detrimental effect but in a large system that is
already doing moderate paging this option allows the VM system to stage
whole processes into and out of memory more easily.
.Sh LOADER TUNABLES
Some aspects of the system behavior may not be tunable at runtime because
memory allocations they perform must occur early in the boot process.
To change loader tunables, you must set their value in
.Xr loader.conf 5
and reboot the system.
.Pp
The
.Va kern.maxusers
tunable defaults to an incredibly low value.
For most modern machines,
you probably want to increase this value to 64, 128, or 256.
We do not
recommend going above 256 unless you need a huge number of file descriptors.
Network buffers are also affected but can be controlled with a separate
kernel option.
Do not increase maxusers just to get more network mbufs.
Systems older than
.Fx 4.4
do not have this loader tunable and require that
the kernel
.Xr config 8
option
.Cd maxusers
be set instead.
.Pp
.Va kern.ipc.nmbclusters
may be adjusted to increase the number of network mbufs the system is
willing to allocate.
Each cluster represents approximately 2K of memory,
so a value of 1024 represents 2M of kernel memory reserved for network
buffers.
You can do a simple calculation to figure out how many you need.
If you have a web server which maxes out at 1000 simultaneous connections,
and each connection eats a 16K receive and 16K send buffer, you need
approximately 32MB worth of network buffers to deal with it.
A good rule of
thumb is to multiply by 2, so 32MBx2 = 64MB/2K = 32768.
So for this case
you would want to set
.Va kern.ipc.nmbclusters
to 32768.
We recommend values between
1024 and 4096 for machines with moderate amounts of memory, and between 4096
and 32768 for machines with greater amounts of memory.
Under no circumstances
should you specify an arbitrarily high value for this parameter, it could
lead to a boot-time crash.
The
.Fl m
option to
.Xr netstat 1
may be used to observe network cluster use.
Older versions of
.Fx
do not have this tunable and require that the
kernel
.Xr config 8
option
.Dv NMBCLUSTERS
be set instead.
.Pp
More and more programs are using the
.Xr sendfile 2
system call to transmit files over the network.
The
.Va kern.ipc.nsfbufs
sysctl controls the number of filesystem buffers
.Xr sendfile 2
is allowed to use to perform its work.
This parameter nominally scales
with
.Va kern.maxusers
so you should not need to modify this parameter except under extreme
circumstances.
.Sh KERNEL CONFIG TUNING
There are a number of kernel options that you may have to fiddle with in
a large scale system.
In order to change these options you need to be
able to compile a new kernel from source.
The
.Xr config 8
manual page and the handbook are good starting points for learning how to
do this.
Generally the first thing you do when creating your own custom
kernel is to strip out all the drivers and services you don't use.
Removing things like
.Dv INET6
and drivers you don't have will reduce the size of your kernel, sometimes
by a megabyte or more, leaving more memory available for applications.
.Pp
.Dv SCSI_DELAY
and
.Dv IDE_DELAY
may be used to reduce system boot times.
The defaults are fairly high and
can be responsible for 15+ seconds of delay in the boot process.
Reducing
.Dv SCSI_DELAY
to 5 seconds usually works (especially with modern drives).
Reducing
.Dv IDE_DELAY
also works but you have to be a little more careful.
.Pp
There are a number of
.Dv *_CPU
options that can be commented out.
If you only want the kernel to run
on a Pentium class CPU, you can easily remove
.Dv I386_CPU
and
.Dv I486_CPU ,
but only remove
.Dv I586_CPU
if you are sure your CPU is being recognized as a Pentium II or better.
Some clones may be recognized as a Pentium or even a 486 and not be able
to boot without those options.
If it works, great!
The operating system
will be able to make better use of higher-end CPU features for MMU, task switching,
timebase, and even device operations.
Additionally, higher-end CPUs support
4MB MMU pages which the kernel uses to map the kernel itself into memory,
which increases its efficiency under heavy syscall loads.
.Sh IDE WRITE CACHING
.Fx 4.3
flirted with turning off IDE write caching.
This reduced write bandwidth
to IDE disks but was considered necessary due to serious data consistency
issues introduced by hard drive vendors.
Basically the problem is that
IDE drives lie about when a write completes.
With IDE write caching turned
on, IDE hard drives will not only write data to disk out of order, they
will sometimes delay some of the blocks indefinitely when under heavy disk
loads.
A crash or power failure can result in serious filesystem
corruption.
So our default was changed to be safe.
Unfortunately, the
result was such a huge loss in performance that we caved in and changed the
default back to on after the release.
You should check the default on
your system by observing the
.Va hw.ata.wc
sysctl variable.
If IDE write caching is turned off, you can turn it back
on by setting the
.Va hw.ata.wc
kernel variable back to 1.
This must be done from the boot
.Xr loader 8
at boot time.
Attempting to do it after the kernel boots will have no effect.
Please see
.Xr ata 4
and
.Xr loader 8 .
.Pp
There is a new experimental feature for IDE hard drives called
.Va hw.ata.tags
(you also set this in the boot loader) which allows write caching to be safely
turned on.
This brings SCSI tagging features to IDE drives.
As of this
writing only IBM DPTA and DTLA drives support the feature.
Warning!
These
drives apparently have quality control problems and I do not recommend
purchasing them at this time.
If you need performance, go with SCSI.
.Sh CPU, MEMORY, DISK, NETWORK
The type of tuning you do depends heavily on where your system begins to
bottleneck as load increases.
If your system runs out of CPU (idle times
are perpetually 0%) then you need to consider upgrading the CPU or moving to
an SMP motherboard (multiple CPUs), or perhaps you need to revisit the
programs that are causing the load and try to optimize them.
If your system
is paging to swap a lot you need to consider adding more memory.
If your
system is saturating the disk you typically see high CPU idle times and
total disk saturation.
.Xr systat 1
can be used to monitor this.
There are many solutions to saturated disks:
increasing memory for caching, mirroring disks, distributing operations across
several machines, and so forth.
If disk performance is an issue and you
are using IDE drives, switching to SCSI can help a great deal.
While modern
IDE drives compare with SCSI in raw sequential bandwidth, the moment you
start seeking around the disk SCSI drives usually win.
.Pp
Finally, you might run out of network suds.
The first line of defense for
improving network performance is to make sure you are using switches instead
of hubs, especially these days where switches are almost as cheap.
Hubs
have severe problems under heavy loads due to collision backoff and one bad
host can severely degrade the entire LAN.
Second, optimize the network path
as much as possible.
For example, in
.Xr firewall 7
we describe a firewall protecting internal hosts with a topology where
the externally visible hosts are not routed through it.
Use 100BaseT rather
than 10BaseT, or use 1000BaseT rather than 100BaseT, depending on your needs.
Most bottlenecks occur at the WAN link (e.g.\&
modem, T1, DSL, whatever).
If expanding the link is not an option it may be possible to use the
.Xr dummynet 4
feature to implement peak shaving or other forms of traffic shaping to
prevent the overloaded service (such as web services) from affecting other
services (such as email), or vice versa.
In home installations this could
be used to give interactive traffic (your browser,
.Xr ssh 1
logins) priority
over services you export from your box (web services, email).
.Sh SEE ALSO
.Xr netstat 1 ,
.Xr systat 1 ,
.Xr ata 4 ,
.Xr dummynet 4 ,
.Xr login.conf 5 ,
.Xr firewall 7 ,
.Xr hier 7 ,
.Xr ports 7 ,
.Xr boot 8 ,
.Xr ccdconfig 8 ,
.Xr config 8 ,
.Xr disklabel 8 ,
.Xr fsck 8 ,
.Xr ifconfig 8 ,
.Xr ipfw 8 ,
.Xr loader 8 ,
.Xr mount 8 ,
.Xr newfs 8 ,
.Xr route 8 ,
.Xr sysctl 8 ,
.Xr tunefs 8 ,
.Xr vinum 8
.Sh HISTORY
The
.Nm
manual page was originally written by
.An Matthew Dillon
and first appeared
in
.Fx 4.3 ,
May 2001.
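
The rules of thumb given under SYSCTL TUNING and LOADER TUNABLES (listen queue size, TCP buffers versus window scaling, and the kern.ipc.nmbclusters calculation), applied to a saved sysctl dump. This is an added example and not part of the FreeBSD manual page; the function names, the sample dump and the 90% descriptor threshold are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not part of tuning(7): checks a saved sysctl dump against
# the page's rules of thumb. Function names and sample data are constructed.

# Constructed sample in the "name: value" form printed by sysctl(8).
SAMPLE_SYSCTL='kern.ipc.somaxconn: 128
kern.ipc.nmbclusters: 4096
net.inet.tcp.sendspace: 131072
net.inet.tcp.recvspace: 65536
net.inet.tcp.rfc1323: 0
kern.maxfiles: 3960
kern.openfiles: 3700'

# get_sysctl DUMP NAME: print the value recorded for NAME, or nothing.
get_sysctl() {
    printf '%s\n' "$1" | awk -F': ' -v k="$2" '$1 == k { print $2; exit }'
}

# needed_nmbclusters CONNS SEND_BYTES RECV_BYTES
# The page's rule: per-connection buffers times connections, doubled for
# headroom, divided by the 2K cluster size. For 1000 connections at 16K+16K
# this gives 32000; the page rounds the product to 32MB and arrives at 32768.
needed_nmbclusters() {
    echo $(( $1 * ($2 + $3) * 2 / 2048 ))
}

# audit_tuning DUMP EXPECTED_CONNS: print one OK/WARN/SKIP line per rule.
audit_tuning() {
    dump=$1; conns=$2
    somax=$(get_sysctl "$dump" kern.ipc.somaxconn)
    nmb=$(get_sysctl "$dump" kern.ipc.nmbclusters)
    snd=$(get_sysctl "$dump" net.inet.tcp.sendspace)
    rcv=$(get_sysctl "$dump" net.inet.tcp.recvspace)
    ws=$(get_sysctl "$dump" net.inet.tcp.rfc1323)
    maxf=$(get_sysctl "$dump" kern.maxfiles)
    openf=$(get_sysctl "$dump" kern.openfiles)

    # Listen queue: the 128 default is too low for a heavily loaded server.
    if [ -z "$somax" ]; then
        echo "SKIP kern.ipc.somaxconn: not in dump"
    elif [ "$somax" -lt 1024 ]; then
        echo "WARN kern.ipc.somaxconn=$somax: below the 1024 suggested for loaded servers"
    else
        echo "OK kern.ipc.somaxconn=$somax"
    fi

    # Buffers above 65535 only pay off when window scaling is enabled.
    if [ -z "$snd" ] || [ -z "$rcv" ] || [ -z "$ws" ]; then
        echo "SKIP tcp buffers: sendspace, recvspace or rfc1323 not in dump"
    elif { [ "$snd" -gt 65535 ] || [ "$rcv" -gt 65535 ]; } && [ "$ws" -eq 0 ]; then
        echo "WARN net.inet.tcp.rfc1323=0: buffers above 65535 need window scaling"
    else
        echo "OK tcp buffers: send=$snd recv=$rcv rfc1323=$ws"
    fi

    # mbuf clusters: large buffers times many connections exhaust kernel memory.
    if [ -z "$nmb" ] || [ -z "$snd" ] || [ -z "$rcv" ]; then
        echo "SKIP kern.ipc.nmbclusters: inputs not in dump"
    else
        need=$(needed_nmbclusters "$conns" "$snd" "$rcv")
        if [ "$need" -gt 32768 ]; then
            echo "WARN tcp buffers: $conns connections need $need clusters, above the 32768 top of the recommended range; shrink sendspace/recvspace"
        elif [ "$nmb" -lt "$need" ]; then
            echo "WARN kern.ipc.nmbclusters=$nmb: $conns connections need about $need"
        else
            echo "OK kern.ipc.nmbclusters=$nmb (need $need)"
        fi
    fi

    # Descriptor headroom; the 90% threshold is an assumption, not from the page.
    if [ -z "$maxf" ] || [ -z "$openf" ]; then
        echo "SKIP kern.maxfiles: maxfiles or openfiles not in dump"
    elif [ $(( openf * 10 )) -ge $(( maxf * 9 )) ]; then
        echo "WARN kern.openfiles=$openf: within 10% of kern.maxfiles=$maxf"
    else
        echo "OK kern.openfiles=$openf of kern.maxfiles=$maxf"
    fi
    return 0
}

# Stand-alone run on the constructed sample, expecting 1000 connections.
audit_tuning "$SAMPLE_SYSCTL" 1000
```

On a live system the dump argument can be the output of `sysctl kern.ipc net.inet.tcp kern.maxfiles kern.openfiles`.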