Hey everyone,

We are currently using Shorewall 3.2.4 on a Gentoo distro with a dual-core Pentium 2.8Ghz and 1GB Ram. It is setup running NAT as our default network gateway to a 10Mb direct internet connection.

I am wondering if there is some way to measure the latency produced by the firewall and if there are some standard kernel settings that can help latency. I am even willing to build a kernel with some low-latency patches if it may help.

I ask this question because even though our internet connection is mostly idle it feels sluggish. Throughput seems on target, but browsing seems slower than on my own cable connection at home.

Thanks,
Josh Perry

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php

Joshua Perry wrote:
>
> I am wondering if there is some way to measure the latency produced by
> the firewall and if there are some standard kernel settings that can
> help latency.

Yes -- it's called traffic shaping (bandwidth management, traffic control, QOS, ...). See http://www.shorewall.net/traffic_shaping.htm

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Try running your own DNS servers/resolvers. I doubt the firewall is introducing any latency that's human detectable. (we're talking typically sub-milli-second times on a machine that fast). A lot of times when I hear about things like that it's the resolvers they're using.

You can also do traffic shaping/QOS, but that only makes a difference when there's contention.

--On June 23, 2008 4:19:02 PM -0600 Joshua Perry <josh@6bit.com> wrote:

> Hey everyone,
>
> We are currently using Shorewall 3.2.4 on a Gentoo distro with a
> dual-core Pentium 2.8Ghz and 1GB Ram. It is setup running NAT as our
> default network gateway to a 10Mb direct internet connection.
>
> I am wondering if there is some way to measure the latency produced by
> the firewall and if there are some standard kernel settings that can help
> latency. I am even willing to build a kernel with some low-latency
> patches if it may help.
>
> I ask this question because even though our internet connection is mostly
> idle it feels sluggish. Throughput seems on target, but browsing seems
> slower than on my own cable connection at home.
>
> Thanks,
> Josh Perry

--
"Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds."
-- Samuel Butler

Thanks Michael,

I guess my question was a little misrepresented. Just to clarify for others; I don't need certain streams to be lower latency, just the overall latency of the internet connection seems off. I would love a more concrete measurement than seat-of-my-pants feeling, I'm just not sure what the best method to measure such things is.

To respond to your comment, we are using our own internal caching DNS servers, which are themselves redirected to opendns which is allegedly the fastest DNS service available. Besides that, what makes me think it is unrelated to DNS is that even intra-page content is relatively slow. So even though the HTML may have a delay in loading, if it was DNS the images and other resources should load quickly, which isn't the case.

Thanks again,
Josh

--------------------------------------------------
From: "Michael Loftis" <mloftis@wgops.com>
Sent: Monday, June 23, 2008 4:49 PM
To: "Shorewall Users" <shorewall-users@lists.sourceforge.net>
Subject: Re: [Shorewall-users] Low latency/realtime

> Try running your own DNS servers/resolvers. I doubt the firewall is
> introducing any latency that's human detectable. (we're talking typically
> sub-milli-second times on a machine that fast). A lot of times when I
> hear about things like that it's the resolvers they're using.
>
> You can also do traffic shaping/QOS, but that only makes a difference when
> there's contention.

Have you connected another box (window$, mac, etc) to your connection to test?

Have you played with MTU/MSS?

Try IPERF to measure: http://dast.nlanr.net/Projects/Iperf/
Tutorial: http://openmaniak.com/iperf.php

--
Gilson Soares

On Mon, Jun 23, 2008 at 19:59, Joshua Perry <josh@6bit.com> wrote:

> Thanks Michael,
>
> I guess my question was a little misrepresented. Just to clarify for
> others; I don't need certain streams to be lower latency, just the overall
> latency of the internet connection seems off. I would love a more concrete
> measurement than seat-of-my-pants feeling, I'm just not sure what the best
> method to measure such things is.
>
> To respond to your comment, we are using our own internal caching DNS
> servers, which are themselves redirected to opendns which is allegedly the
> fastest DNS service available. Besides that, what makes me think it is
> unrelated to DNS is that even intra-page content is relatively slow. So
> even though the HTML may have a delay in loading, if it was DNS the images
> and other resources should load quickly, which isn't the case.
>
> Thanks again,
> Josh

Joshua Perry wrote:
> We are currently using Shorewall 3.2.4 on a Gentoo distro with a
> dual-core Pentium 2.8Ghz and 1GB Ram. It is setup running NAT as
> our default network gateway to a 10Mb direct internet connection.
>
> I am wondering if there is some way to measure the latency produced
> by the firewall and if there are some standard kernel settings that
> can help latency. I am even willing to build a kernel with some
> low-latency patches if it may help.

Tools like traceroute, mtr, or smokeping will (in different ways) show you the latency to different hops in a path. Even a couple of pings, one to the firewall, one to the next hop, would give you some idea.

This assumes, of course, that the latency isn't somewhere upstream and the people responsible haven't done QoS to make pings look fast!

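The per-hop ping comparison suggested above, as an added example that is not part of the original thread: it parses ping output for successive hops, drops any hop that answers slower than a hop farther along the path (slow ICMP handling rather than real forwarding delay), and reports how much latency each segment adds. The hop names, addresses and RTT values are constructed samples; on a real network the strings would come from `ping -c N <hop>` run from a LAN client.

```python
import re
from statistics import median

def sample_ping(addr, times):
    """Build CONSTRUCTED ping reply lines (not captured from a real network)."""
    return "\n".join(f"64 bytes from {addr}: icmp_seq={i} ttl=64 time={t} ms"
                     for i, t in enumerate(times, 1))

# Hypothetical path from a LAN client outward; names, addresses, RTTs are made up.
PATH = [
    ("firewall",    sample_ping("192.0.2.1",    [0.21, 0.25, 0.31])),
    ("isp-gateway", sample_ping("198.51.100.1", [1.02, 1.10, 1.45])),
    ("core-router", sample_ping("198.51.100.9", [48.0, 52.0, 61.0])),
    ("remote-site", sample_ping("203.0.113.10", [38.1, 38.4, 39.0])),
]

def rtts(ping_output):
    """Extract per-packet round-trip times in ms from ping output."""
    return [float(m) for m in re.findall(r"time[=<]([0-9.]+) ?ms", ping_output)]

def reliable_hops(path):
    """Median RTT per hop, dropping hops that answer slower than a later hop.

    Delay along a path accumulates, so a hop that looks slower than one
    farther away is slow at answering ICMP, not at forwarding traffic.
    Hops with no replies at all (100% loss) are skipped.
    """
    meds = [(name, median(r)) for name, out in path if (r := rtts(out))]
    kept = []
    for i, (name, rtt) in enumerate(meds):
        later = [r for _, r in meds[i + 1:]]
        if later and rtt > min(later):
            continue
        kept.append((name, rtt))
    return kept

def segment_deltas(path, start="client"):
    """Latency each segment adds, in ms, between consecutive reliable hops."""
    deltas, prev_name, prev_rtt = [], start, 0.0
    for name, rtt in reliable_hops(path):
        deltas.append((f"{prev_name} -> {name}", round(rtt - prev_rtt, 3)))
        prev_name, prev_rtt = name, rtt
    return deltas

def worst_segment(path):
    """The segment contributing the most latency."""
    return max(segment_deltas(path), key=lambda seg: seg[1])

if __name__ == "__main__":
    for segment, ms in segment_deltas(PATH):
        print(f"{segment:28s} +{ms} ms")
    print("largest contributor:", worst_segment(PATH)[0])
```
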
> if it was DNS the images and other resources should load quickly, which isn't the case.

Not necessarily. The images & other intra-page content may be hosted on different servers from the page you are loading.

What you are describing is classic DNS latency, although I've also heard that OpenDNS is extremely fast, there may be something else going on.

Try running a few nslookups to servers you don't have cached (i.e. off the wall sites) using your caching DNS servers and see if the response time is as expected.

- Bob Coffman