I am running Debian kernel 2.6.26-2-686, shorewall 4.4.11.6
My provider gives me 32Mb/down, and 5Mb/Up. I am testing the limit of
download for certain zones, and have found that when running shorewall
traffic shaper, I am getting 2.5-3.0Mb download. When I set TC_ENABLED=no,
then I get 28-30Mb as expected.
My test if from a PC on the lan with ip 192.168.150.2. I have followed the
guidelines for limiting download, and I would expect this traffic to be in
the 10Mb range based on my settings. I am confused why it is slowing to
2.5-3.0Mb, but as soon as I disable TC, it jumps up to full.
My ideal scenario is to dedicate bandwidth for VOIP & DFS traffic, with a
larger pool available for web browsing at a lower priority.
I am attaching the results of shorewall dump as well.
tcclasses:
#INTERFACE:CLASS MARK RATE CEIL PRIORITY OPTIONS
eth1 1 728kbit full 1
tos=0x68/0xfc,tos=0xb8/0xfc,tos=0x48/0xfc #voip
eth1 2 10kbit 50kbit 2
tcp-ack,tos-minimize-delay #icmp
eth1 3 128kbit full 3
#DFS
eth1 5 128kbit full 4 default
eth0 1 1mbit full 1
tos=0x68/0xfc,tos=0xb8/0xfc,tos=0x48/0xfc #voip
eth0 2 100kbit 500kbit 2
tcp-ack,tos-minimize-delay #icmp
eth0 3 1mbit 10mbit 3
#DFS
eth0 4 1mbit 10mbit 4
#Web Browse
eth0 5 90mbit full 5 default
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
tcrules:
######################################################################################################################
#MARK SOURCE DEST PROTO DEST SOURCE USER
TEST LENGTH TOS CONNBYTES HELPER
# PORT(S) PORT(S)
1 $FW - udp 4569
1 $FW - tcp 4569
1 $FW - udp 5060:5061
1 $FW - tcp 5060:5061
1 $FW - udp 10000:20000
1 $FW - tcp 10000:20000
2 - - icmp echo-request
2 - - icmp echo-reply
2:F - - icmp echo-request
2:F - - icmp echo-reply
3:F 192.168.150.0/24 192.168.1.0/24 all #DFS
3:F 192.168.1.0/24 192.168.150.0/24 all #DFS
4:F eth1 192.168.150.0/24 all #Web Traffic
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
tcdevices:
###############################################################################
#NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED
#INTERFACE INTERFACES
eth1 20200kbit 5040kbit
eth0 - 1000mbit
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in
Real-Time with Splunk. Collect, index and harness all the fast moving IT data
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business
insights. http://p.sf.net/sfu/splunk-dev2dev
On 3/1/11 5:26 PM, Red Baron wrote:> I am running Debian kernel 2.6.26-2-686, shorewall 4.4.11.6 > > My provider gives me 32Mb/down, and 5Mb/Up. I am testing the limit of > download for certain zones, and have found that when running shorewall > traffic shaper, I am getting 2.5-3.0Mb download. When I set > TC_ENABLED=no, then I get 28-30Mb as expected.You are pretty much out of luck there until 4.4.18 when you can specify a <burst> size for IN-BANDWIDTH. Until then, the actual rate will be much slower that the specified rate.> > My test if from a PC on the lan with ip 192.168.150.2. I have followed > the guidelines for limiting download, and I would expect this traffic to > be in the 10Mb range based on my settings. I am confused why it is > slowing to 2.5-3.0Mb, but as soon as I disable TC, it jumps up to full.For troubleshooting TC problems, we really need to see the output of ''shorewall dump'' collected during a slow transfer. That''s the only way to know for sure what is going on. Please see http://www.shorewall.net/support.htm#Guidelines. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ What You Don''t Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d
I am upgrading to 4.4.19 to try to address this speed issue. How do I use the burst? I assume this is in the tcdevices file, since i am using TC_ENABLED=internal. Thanks! On Thu, Mar 3, 2011 at 5:07 PM, Tom Eastep <teastep@shorewall.net> wrote:> On 3/1/11 5:26 PM, Red Baron wrote: > > I am running Debian kernel 2.6.26-2-686, shorewall 4.4.11.6 > > > > My provider gives me 32Mb/down, and 5Mb/Up. I am testing the limit of > > download for certain zones, and have found that when running shorewall > > traffic shaper, I am getting 2.5-3.0Mb download. When I set > > TC_ENABLED=no, then I get 28-30Mb as expected. > > You are pretty much out of luck there until 4.4.18 when you can specify > a <burst> size for IN-BANDWIDTH. Until then, the actual rate will be > much slower that the specified rate. > > > > > My test if from a PC on the lan with ip 192.168.150.2. I have followed > > the guidelines for limiting download, and I would expect this traffic to > > be in the 10Mb range based on my settings. I am confused why it is > > slowing to 2.5-3.0Mb, but as soon as I disable TC, it jumps up to full. > > For troubleshooting TC problems, we really need to see the output of > ''shorewall dump'' collected during a slow transfer. That''s the only way > to know for sure what is going on. > > Please see http://www.shorewall.net/support.htm#Guidelines. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > > ------------------------------------------------------------------------------ > What You Don''t Know About Data Connectivity CAN Hurt You > This paper provides an overview of data connectivity, details > its effect on application quality, and explores various alternative > solutions. http://p.sf.net/sfu/progress-d2d > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
I found this in the release notes:
6) The IN-BANDWIDTH column in both /etc/shorewall/tcdevices and
/etc/shorewall/tcinterfaces now accepts an optional burst parameter.
<rate>[:<burst>
setting the rate to 32mbps:100kbps did not affect the speed at all. What is
a rational number to put here that should let a client burst to full
capacity? is is 32mbps:32mbps ?
On Thu, Mar 3, 2011 at 5:07 PM, Tom Eastep <teastep@shorewall.net> wrote:
> On 3/1/11 5:26 PM, Red Baron wrote:
> > I am running Debian kernel 2.6.26-2-686, shorewall 4.4.11.6
> >
> > My provider gives me 32Mb/down, and 5Mb/Up. I am testing the limit of
> > download for certain zones, and have found that when running shorewall
> > traffic shaper, I am getting 2.5-3.0Mb download. When I set
> > TC_ENABLED=no, then I get 28-30Mb as expected.
>
> You are pretty much out of luck there until 4.4.18 when you can specify
> a <burst> size for IN-BANDWIDTH. Until then, the actual rate will be
> much slower that the specified rate.
>
> >
> > My test if from a PC on the lan with ip 192.168.150.2. I have followed
> > the guidelines for limiting download, and I would expect this traffic
to
> > be in the 10Mb range based on my settings. I am confused why it is
> > slowing to 2.5-3.0Mb, but as soon as I disable TC, it jumps up to
full.
>
> For troubleshooting TC problems, we really need to see the output of
> ''shorewall dump'' collected during a slow transfer.
That''s the only way
> to know for sure what is going on.
>
> Please see http://www.shorewall.net/support.htm#Guidelines.
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
>
------------------------------------------------------------------------------
> What You Don''t Know About Data Connectivity CAN Hurt You
> This paper provides an overview of data connectivity, details
> its effect on application quality, and explores various alternative
> solutions. http://p.sf.net/sfu/progress-d2d
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
On Apr 29, 2011, at 7:59 AM, Red Baron wrote:> I found this in the release notes: > > 6) The IN-BANDWIDTH column in both /etc/shorewall/tcdevices and > /etc/shorewall/tcinterfaces now accepts an optional burst parameter. > > <rate>[:<burst> > > setting the rate to 32mbps:100kbps did not affect the speed at all. What is a rational number to put here that should let a client burst to full capacity? is is 32mbps:32mbps ?I use this: 50mbit:200kb and I am able to download at 50mbit -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
On Apr 29, 2011, at 3:50 PM, Tom Eastep <teastep@shorewall.net> wrote:> > On Apr 29, 2011, at 7:59 AM, Red Baron wrote: > >> I found this in the release notes: >> >> 6) The IN-BANDWIDTH column in both /etc/shorewall/tcdevices and >> /etc/shorewall/tcinterfaces now accepts an optional burst parameter. >> >> <rate>[:<burst> >> >> setting the rate to 32mbps:100kbps did not affect the speed at all. What is a rational number to put here that should let a client burst to full capacity? is is 32mbps:32mbps ? > > > I use this: > > 50mbit:200kb > > and I am able to download at 50mbitTwo more things: 1. I have no idea how ingress policing works on a 32mbps line. That is roughly 7 times as fast as mine. Note that I said "policing"; it is not shaping. 2. You write "100kbps" for the burst but the burst is expressed as a number of bits/bytes. So I would expect to receive an error if I actually entered "32mbps:100kbps". -Tom ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
It appears as I was wrong on the configuration. I assed that mbps meant Mbps *NOT* MBps. I have a 32 megabit connection. Changing to 32mbit:200kbit fixed the issue. Thanks Tom! On Apr 29, 2011, at 11:12 PM, Tom Eastep <teastep@shorewall.net> wrote:> On Apr 29, 2011, at 3:50 PM, Tom Eastep <teastep@shorewall.net> wrote: > >> >> On Apr 29, 2011, at 7:59 AM, Red Baron wrote: >> >>> I found this in the release notes: >>> >>> 6) The IN-BANDWIDTH column in both /etc/shorewall/tcdevices and >>> /etc/shorewall/tcinterfaces now accepts an optional burst parameter. >>> >>> <rate>[:<burst> >>> >>> setting the rate to 32mbps:100kbps did not affect the speed at all. What is a rational number to put here that should let a client burst to full capacity? is is 32mbps:32mbps ? >> >> >> I use this: >> >> 50mbit:200kb >> >> and I am able to download at 50mbit > > Two more things: > > 1. I have no idea how ingress policing works on a 32mbps line. That is roughly 7 times as fast as mine. Note that I said "policing"; it is not shaping. > > 2. You write "100kbps" for the burst but the burst is expressed as a number of bits/bytes. So I would expect to receive an error if I actually entered "32mbps:100kbps". > > -Tom > > > ------------------------------------------------------------------------------ > WhatsUp Gold - Download Free Network Management Software > The most intuitive, comprehensive, and cost-effective network > management toolset available today. Delivers lowest initial > acquisition cost and overall TCO of any competing solution. > http://p.sf.net/sfu/whatsupgold-sd > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
On Apr 30, 2011, at 1:36 AM, Red Baron wrote:> It appears as I was wrong on the configuration. I assed that mbps > meant Mbps *NOT* MBps. I have a 32 megabit connection. Changing to > 32mbit:200kbit fixed the issue.Glad to hear that you got it working. For future reference, both shorewall-tcdevices(5) and shorewall-tcinterfaces(5) include documentation about the units that may be used in Shorewall traffic shaping. These are the same as supported by the underlying iproute2 tools. -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd