I know it's off-topic for this list, but I imagine someone on here might have some ideas :

At work we have a 2mbps line and I have a box doing traffic shaping (wondershaper using htb) and accounting (254 addresses, in and out) as a bridge (ie we simply stuck it between the network and the ISP provided router). This box is a 1GHz Celeron.

We are upgrading to a 6mbps line, and have the opportunity to run the gateway box as a router instead of a bridge. I built the new box with a 1GHz Pentium III.

However, the new box cannot route packets at full line speed - even with accounting and traffic shaping disabled. We tried it with a server that's 'between jobs' at the moment, a 2GHz, dual quad-core Intel something - that can route the packets and count them, but still can't handle the traffic shaping.

I have a couple of questions :

1) Does anyone know if there is any significant difference in performance between routing and bridging packets in Linux ? Ie, if I reconfigured this new box as a bridge and sourced a different box to do the routing, would it be likely to handle the traffic better ?

2) Am I right in thinking that routing/accounting/shaping lots of packets won't use multiple cores effectively ? So we'd be better off with a faster single core machine ? We have a quote for a new box (2GHz Xeon) but we don't want to shell out and find it still can't cope.

Any ideas gratefully received.

On Sat, Jan 26, 2008 at 05:27:14PM +0000, Simon Hobson wrote:
> We are upgrading to a 6mbps line, and have the opportunity to run the
> gateway box as a router instead of a bridge. I built the new box with
> a 1GHz Pentium III.
>
> However, the new box cannot route packets at full line speed - even
> with accounting and traffic shaping disabled. We tried it with a
> server that's 'between jobs' at the moment, a 2GHz, dual quad-core
> Intel something - that can route the packets and count them, but
> still can't handle the traffic shaping.

Rule of thumb is roughly one GHz per Gbit of traffic, if the only thing it's going through is the routing table. You're well over that, so something is probably wrong. I'd be looking hard at your network devices and motherboard.

> I have a couple of questions :
>
> 1) Does anyone know if there is any significant difference in
> performance between routing and bridging packets in Linux ? Ie, if I
> reconfigured this new box as a bridge and sourced a different box to
> do the routing, would it be likely to handle the traffic better ?

There is no fundamental performance difference between the routing and bridging code, but your specific configuration may have one.

Simon Hobson wrote:
> I know it's off-topic for this list, but I imagine someone on here
> might have some ideas :
>
> At work we have a 2mbps line and I have a box doing traffic shaping
> (wondershaper using htb) and accounting (254 addresses, in and out)
> as a bridge (ie we simply stuck it between the network and the ISP
> provided router). This box is a 1GHz Celeron.
>
> We are upgrading to a 6mbps line, and have the opportunity to run the
> gateway box as a router instead of a bridge. I built the new box with
> a 1GHz Pentium III.
>
> However, the new box cannot route packets at full line speed - even
> with accounting and traffic shaping disabled. We tried it with a
> server that's 'between jobs' at the moment, a 2GHz, dual quad-core
> Intel something - that can route the packets and count them, but
> still can't handle the traffic shaping.
>
> I have a couple of questions :
>
> 1) Does anyone know if there is any significant difference in
> performance between routing and bridging packets in Linux ? Ie, if I
> reconfigured this new box as a bridge and sourced a different box to
> do the routing, would it be likely to handle the traffic better ?
>
> 2) Am I right in thinking that routing/accounting/shaping lots of
> packets won't use multiple cores effectively ? So we'd be better off
> with a faster single core machine ? We have a quote for a new box
> (2GHz Xeon) but we don't want to shell out and find it still can't
> cope.
>
> Any ideas gratefully received.

Not only is this not shorewall related, but you really don't give enough information to solve your problem.

What else is on the router?

What kind of shaping are you trying to do? What software are you using for the shaping and what is the underlying operating system?

It seems like you ought to be able to do this with the hardware you already have... if you have plenty of ram and the software configuration is right.

--Mike

Mike Purnell wrote:
>Not only is this not shorewall related, but you really don't give enough
>information to solve your problem.

I know, it's hard to know where to balance being too terse, and giving too many irrelevant details :-(

>What else is on the router?

Nothing (apart from Shorewall that is). It will NFS export a directory containing rrd databases of its logs.

>What kind of shaping are you trying to do? What software are you using for the
>shaping and what is the underlying operating system?

The "wondershaper" config using HTB from the LARTC (15.8.3 on here http://lartc.org/howto/lartc.cookbook.ultimate-tc.html). It's started from Shorewall via the tcstart file.

Debian Etch 386

>It seems like you ought to be able to do this with the hardware you
>already have... if you have plenty of ram and the software
>configuration is right.

The 'new' box I built I would have expected to cope, but I suspect that one of the NICs may have something to do with it - it's not one I would have chosen (sorry, can't remember which one now, I'm at home and the box is at work and not accessible - could be an RTL8139) but this was (at the time) a zero budget job ! I should have access to an Intel NIC to replace it with next week. One thing that makes me suspicious is that if I load up the system and then try to copy a large file off it with SCP then it kernel panics - and it appears to be related to interrupts in the NIC driver.

The base machine is a recycled server with Intel server board in it, a Pentium III 1GHz, 512M RAM.

The 'old' box seems to handle 2mbps without any problem - that's why I'm surprised at having so much trouble with 6mbps. The old box sits there at 98% idle, except when drawing graphs, some of which can take several seconds of 100% processor utilisation to create. It also runs Nagios and monitors about a 1000 services - one of the reasons for building a new box is to split the routing and monitoring functions.

Temporarily I've cloned the setup onto another box, this has dual quad core 2GHz processors - I suspect the multiple cores don't help when the kernel is spending so much time in low level stuff like shovelling packets about. I'm told that these don't have 4off 2GHz cores, but more likely 4off 500MHz cores adding up to 2GHz - sounds 'iffy' to me but I've not kept up with details like this for some years. This bigger box is Dell with dual embedded NICs (btx driver) which can shift the packets AND count them, but still can't manage wirespeed if I turn on the shaping (and yes I HAVE set the shaping speeds so they shouldn't be limiting the rate (yet) !)

On Sun, Jan 27, 2008 at 09:34:17AM +0000, Simon Hobson wrote:
> The 'new' box I built I would have expected to cope, but I suspect
> that one of the NICs may have something to do with it - it's not one
> I would have chosen (sorry, can't remember which one now, I'm at home
> and the box is at work and not accessible - could be an RTL8139) but
> this was (at the time) a zero budget job ! I should have access to an
> Intel NIC to replace it with next week. One thing that makes me
> suspicious is that if I load up the system and then try to copy a
> large file off it with SCP then it kernel panics - and it appears to
> be related to interrupts in the NIC driver.

That'll be the broken version of the 8139c chip. Don't ever use it. Don't even load the driver. The hardware is too buggy to ever work.

Not that I would ever use any Realtek chip. They're all terrible, slow, CPU-hungry junk, that one is just worse than usual in that it can take out the whole system.

Andrew Suffield wrote:
>That'll be the broken version of the 8139c chip. Don't ever use
>it. Don't even load the driver. The hardware is too buggy to ever
>work.
>
>Not that I would ever use any Realtek chip. They're all terrible,
>slow, CPU-hungry junk, that one is just worse than usual in that it
>can take out the whole system.

Unfortunately it was the only one lying around - in fact there's a drawer full of them ! I've asked for an Intel card to replace it. Hopefully the PHB will spend something on it now !

At 17:48 +0000 26/1/08, Andrew Suffield wrote:
>On Sat, Jan 26, 2008 at 05:27:14PM +0000, Simon Hobson wrote:
>> We are upgrading to a 6mbps line, and have the opportunity to run the
>> gateway box as a router instead of a bridge. I built the new box with
>> a 1GHz Pentium III.
>>
>> However, the new box cannot route packets at full line speed - even
>> with accounting and traffic shaping disabled. We tried it with a
>> server that's 'between jobs' at the moment, a 2GHz, dual quad-core
>> Intel something - that can route the packets and count them, but
>> still can't handle the traffic shaping.
>
>Rule of thumb is roughly one GHz per Gbit of traffic, if the only
>thing it's going through is the routing table. You're well over that,
>so something is probably wrong. I'd be looking hard at your network
>devices and motherboard.

I've been able to revisit this one. Firstly, the 'duff' card that allowed me to crash the system wasn't a Realtek (yes, I know where to file those), but a D-Link DFE530TX - ie not something I'd have associated with poor quality.

Anyway, I've now replaced it with an Intel card - so internal is e1000 driver, external is e100 driver. My box (1GHz Pentium, 256M RAM) can route (and count) a full 6Mbps, but as soon as I turn on traffic control, throughput drops to about 4Mbps. I'm guessing that the packet handling for traffic control is substantially more complicated than for routing and accounting.

Anyone got any more ideas ? Since this isn't directly Shorewall related, anyone got any suggestions for more appropriate places to look for help ?

At 09:12 +0000 31/3/08, I wrote:
>Anyway, I've now replaced it with an Intel card - so internal is
>e1000 driver, external is e100 driver. My box (1GHz Pentium, 256M
>RAM) can route (and count) a full 6Mbps, but as soon as I turn on
>traffic control, throughput drops to about 4Mbps. I'm guessing that
>the packet handling for traffic control is substantially more
>complicated than for routing and accounting.

Well in a real "Doh, how on earth could I do that" moment, I spotted the problem - a minor issue of using "kbit" instead of "k" for my cburst settings. All that happened (expressing it very simply) was that with the token bucket now "too small", the class would run out of tokens before the start of the next jiffie when it gets some more. Once I fixed that then it all started working normally.

As a FYI - this box is routing a 6mbps symmetric service, doing traffic shaping (both in and out) for ourselves and several customers (with 4 levels of priority each), plus doing traffic accounting for all 254 addresses in a class C network. Under full load it runs at about 90 to 95% idle.
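
The unit slip described in the last message, worked through as an added example (not part of the thread and not the poster's configuration): as a size argument tc reads "kbit" as kilobits and "k" as kilobytes, and an HTB class needs a burst of at least rate/HZ bytes to sustain its rate from one timer tick to the next. The 6kbit and 6k values, HZ=250 and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. The rate, cburst values and HZ used below are constructed.

# tc SIZE argument (burst/cburst) -> bytes, using the size units from tc(8):
# as a size "kbit" means kilobits (1024/8 bytes), "k" or "kb" means kilobytes.
# Lowercase integer arguments only, to keep the parser short.
tc_size_bytes() {
    num=${1%%[!0-9]*}
    unit=${1#"$num"}
    [ -n "$num" ] || return 1
    case $unit in
        ''|b) echo "$num" ;;
        k|kb) echo $((num * 1024)) ;;
        kbit) echo $((num * 1024 / 8)) ;;
        m|mb) echo $((num * 1024 * 1024)) ;;
        mbit) echo $((num * 1024 * 1024 / 8)) ;;
        *)    return 1 ;;
    esac
}

# tc RATE argument -> bytes per second (as a rate, kbit is 1000 bit/s).
tc_rate_bytes() {
    num=${1%%[!0-9]*}
    unit=${1#"$num"}
    [ -n "$num" ] || return 1
    case $unit in
        ''|bit) echo $((num / 8)) ;;
        kbit)   echo $((num * 1000 / 8)) ;;
        mbit)   echo $((num * 1000000 / 8)) ;;
        *)      return 1 ;;
    esac
}

# Bytes a class must be able to send per timer tick to sustain RATE at HZ.
min_burst_bytes() {
    bps=$(tc_rate_bytes "$1") || return 1
    echo $(( (bps + $2 - 1) / $2 ))
}

# check_burst RATE SIZE HZ: status 0 if SIZE covers one tick, 1 if too small.
check_burst() {
    need=$(min_burst_bytes "$1" "$3") || return 2
    have=$(tc_size_bytes "$2") || return 2
    if [ "$have" -lt "$need" ]; then
        echo "$2 = $have bytes, need >= $need per tick for $1 at HZ=$3: TOO SMALL"
        return 1
    fi
    echo "$2 = $have bytes, need >= $need per tick for $1 at HZ=$3: ok"
}

check_burst 6mbit 6kbit 250 || true   # the slip: 6 kilobits is 768 bytes
check_burst 6mbit 6k 250              # intended: 6 kilobytes is 6144 bytes
```

The kernel's actual HZ can be read from its build configuration (CONFIG_HZ); a lower HZ means longer ticks and a larger minimum burst.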