Shorewall users - Oct 2011 - TC issues after updating from RHEL4 to RHEL6

Hi,

I''ve just realized that something seems to be wrong with traffic
shaping
on two systems which were running RHEL4 and are now running RHEL6. While
trying to find what is wrong I even simplified the config but it just
doesn''t seem to work as it has with EL4. The test config looks like
this
(eth2 is the "internet" interface):

in shorewall.conf I have:
TC_ENABLED=Internal

tcdevices:
#NUMBER:        IN-BANDWITH     OUT-BANDWIDTH   OPTIONS         REDIRECTED
#INTERFACE                                                      INTERFACES
eth2            20000kbit       2000kbit

tcclasses:
#INTERFACE:CLASS        MARK    RATE:           CEIL    PRIORITY       
OPTIONS
#                               DMAX:UMAX
eth2            1       full/4  full            1      
tcp-ack,tos-minimize-delay
eth2            2       full/4  full            2       default
eth2            3       full/8  full*8/10       2


Now, on the completely idle link I can do what I want, downloading http or
doing rsync via ssh, I get download speeds of 200-500 kB/s. Setting
TC_ENABLED=No immediately increases the downstream to its full speed.

Looks like I''m missing the obvious, but what is it?
The output of "shorewall show tc eth2" is attached.

Thanks for any ideas!

Regards,
Simon

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Tue, 2011-10-11 at 10:31 +0200, Simon Matter wrote:
> 
> 
> Now, on the completely idle link I can do what I want, downloading http or
> doing rsync via ssh, I get download speeds of 200-500 kB/s. Setting
> TC_ENABLED=No immediately increases the downstream to its full speed.
> 
> Looks like I''m missing the obvious, but what is it?
> The output of "shorewall show tc eth2" is attached.
> 
Hi Simon,

Have you checked FAQ 97?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Tue, 2011-10-11 at 10:31 +0200, Simon Matter wrote:
> eth2            3       full/8  full*8/10       2
> 
> 
> Now, on the completely idle link I can do what I want, downloading http or
> doing rsync via ssh, I get download speeds of 200-500 kB/s. Setting
> TC_ENABLED=No immediately increases the downstream to its full speed.
> 
> Looks like I''m missing the obvious, but what is it?
> The output of "shorewall show tc eth2" is attached.
> 
> Thanks for any ideas!
Please disregard my earlier post -- Your problem is download speed where
FAQ 97 addresses upload speed.

I''ll take a look.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Tue, 2011-10-11 at 10:31 +0200, Simon Matter wrote:
> Hi,
> 
> I''ve just realized that something seems to be wrong with traffic
shaping
> on two systems which were running RHEL4 and are now running RHEL6. While
> trying to find what is wrong I even simplified the config but it just
> doesn''t seem to work as it has with EL4. The test config looks
like this
> (eth2 is the "internet" interface):
> 
> in shorewall.conf I have:
> TC_ENABLED=Internal
> 
> tcdevices:
> #NUMBER:        IN-BANDWITH     OUT-BANDWIDTH   OPTIONS         REDIRECTED
> #INTERFACE                                                      INTERFACES
> eth2            20000kbit       2000kbit
> 
> tcclasses:
> #INTERFACE:CLASS        MARK    RATE:           CEIL    PRIORITY       
> OPTIONS
> #                               DMAX:UMAX
> eth2            1       full/4  full            1      
> tcp-ack,tos-minimize-delay
> eth2            2       full/4  full            2       default
> eth2            3       full/8  full*8/10       2
> 
> 
> Now, on the completely idle link I can do what I want, downloading http or
> doing rsync via ssh, I get download speeds of 200-500 kB/s. Setting
> TC_ENABLED=No immediately increases the downstream to its full speed.
> 
> Looks like I''m missing the obvious, but what is it?
> The output of "shorewall show tc eth2" is attached.
You might try this suggestion from the Shorewall TC HOWTO:

        Note
        
        For fast lines, the actually download speed may be well below
        what you specify here. If you have this problem, then follow the
        bandwidth with a ":" and a burst size. The default burst is
        10kb, but on my 50mbit line, I specify 200kb. (50mbit:200kb).

-tOM
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Tue, 2011-10-11 at 06:37 -0700, Tom Eastep wrote:
> 
> You might try this suggestion from the Shorewall TC HOWTO:
> 
>         Note
>         
>         For fast lines, the actually download speed may be well below
>         what you specify here. If you have this problem, then follow the
>         bandwidth with a ":" and a burst size. The default burst
is
>         10kb, but on my 50mbit line, I specify 200kb. (50mbit:200kb).
I shouldn''t email before I have my morning coffee. This suggestion only
works with simple TC.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Tue, 2011-10-11 at 06:50 -0700, Tom Eastep wrote:
> On Tue, 2011-10-11 at 06:37 -0700, Tom Eastep wrote:
> 
> > 
> > You might try this suggestion from the Shorewall TC HOWTO:
> > 
> >         Note
> >         
> >         For fast lines, the actually download speed may be well below
> >         what you specify here. If you have this problem, then follow
the
> >         bandwidth with a ":" and a burst size. The default
burst is
> >         10kb, but on my 50mbit line, I specify 200kb. (50mbit:200kb).
> 
> I shouldn''t email before I have my morning coffee. This suggestion
only
> works with simple TC.
> 
Okay -- one more time, now that I have had my coffee.

Specifying a burst on your IN-BANDWIDTH should definitely help your
problem. I would start at 100kb. I seem to recall a user on IRC,
however, that was experiencing a similar problem. In that case, 
adding a burst did not solve the issue. Don''t recall which distro and
version that user was running.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

> On Tue, 2011-10-11 at 06:50 -0700, Tom Eastep wrote:
>> On Tue, 2011-10-11 at 06:37 -0700, Tom Eastep wrote:
>>
>> >
>> > You might try this suggestion from the Shorewall TC HOWTO:
>> >
>> >         Note
>> >
>> >         For fast lines, the actually download speed may be well
below
>> >         what you specify here. If you have this problem, then
follow
>> the
>> >         bandwidth with a ":" and a burst size. The
default burst is
>> >         10kb, but on my 50mbit line, I specify 200kb.
(50mbit:200kb).
>>
>> I shouldn''t email before I have my morning coffee. This
suggestion only
>> works with simple TC.
>>
>
> Okay -- one more time, now that I have had my coffee.
>
> Specifying a burst on your IN-BANDWIDTH should definitely help your
> problem. I would start at 100kb. I seem to recall a user on IRC,
> however, that was experiencing a similar problem. In that case,
> adding a burst did not solve the issue. Don''t recall which distro
and
> version that user was running.
Hi Tom,

Thanks for your effort in the early morning :)
I''ll try what you suggested. The funny thing is that the RHEL4 boxes
with
ancient 2.6.9 kernel have always worked exactly as expected. Now on RHEL6
with kernel 2.6.32 it just doesn''t do what I expect. I''ll give
feedback
soon.

Thanks,
Simon


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Tue, 2011-10-11 at 19:33 +0200, Simon Matter wrote:
> Thanks for your effort in the early morning :)
> I''ll try what you suggested. The funny thing is that the RHEL4
boxes with
> ancient 2.6.9 kernel have always worked exactly as expected. Now on RHEL6
> with kernel 2.6.32 it just doesn''t do what I expect. I''ll
give feedback
> soon.
> 
There is a bad defect in complex TC that was introduced in 4.4.23. The
net effect is that output shaping is completely broken.

I''ll be releasing 4.4.24.1 today.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Tue, 2011-10-11 at 10:55 -0700, Tom Eastep wrote:
> On Tue, 2011-10-11 at 19:33 +0200, Simon Matter wrote:
> 
> > Thanks for your effort in the early morning :)
> > I''ll try what you suggested. The funny thing is that the
RHEL4 boxes with
> > ancient 2.6.9 kernel have always worked exactly as expected. Now on
RHEL6
> > with kernel 2.6.32 it just doesn''t do what I expect.
I''ll give feedback
> > soon.
> > 
> 
> There is a bad defect in complex TC that was introduced in 4.4.23. The
> net effect is that output shaping is completely broken.
> 
> I''ll be releasing 4.4.24.1 today.
The problem is not so severe as I originally thought. It only occurs
when a logical device name is used on an interface that is named in
tcdevices.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

> On Tue, 2011-10-11 at 10:55 -0700, Tom Eastep wrote:
>> On Tue, 2011-10-11 at 19:33 +0200, Simon Matter wrote:
>>
>> > Thanks for your effort in the early morning :)
>> > I''ll try what you suggested. The funny thing is that the
RHEL4 boxes
>> with
>> > ancient 2.6.9 kernel have always worked exactly as expected. Now
on
>> RHEL6
>> > with kernel 2.6.32 it just doesn''t do what I expect.
I''ll give
>> feedback
>> > soon.
>> >
>>
>> There is a bad defect in complex TC that was introduced in 4.4.23. The
>> net effect is that output shaping is completely broken.
>>
>> I''ll be releasing 4.4.24.1 today.
>
> The problem is not so severe as I originally thought. It only occurs
> when a logical device name is used on an interface that is named in
> tcdevices.
OK, IIRC when I made some tests I was using 4.4.23.X on all systems and
only the RHEL6 based ones had the problem. I''ll redo all tests tomorrow
maybe after you released 4.4.24.1.

Thanks,
Simon


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Tue, 2011-10-11 at 21:58 +0200, Simon Matter wrote:
> > On Tue, 2011-10-11 at 10:55 -0700, Tom Eastep wrote:
> >> On Tue, 2011-10-11 at 19:33 +0200, Simon Matter wrote:
> >>
> >> > Thanks for your effort in the early morning :)
> >> > I''ll try what you suggested. The funny thing is that
the RHEL4 boxes
> >> with
> >> > ancient 2.6.9 kernel have always worked exactly as expected.
Now on
> >> RHEL6
> >> > with kernel 2.6.32 it just doesn''t do what I expect.
I''ll give
> >> feedback
> >> > soon.
> >> >
> >>
> >> There is a bad defect in complex TC that was introduced in 4.4.23.
The
> >> net effect is that output shaping is completely broken.
> >>
> >> I''ll be releasing 4.4.24.1 today.
> >
> > The problem is not so severe as I originally thought. It only occurs
> > when a logical device name is used on an interface that is named in
> > tcdevices.
> 
> OK, IIRC when I made some tests I was using 4.4.23.X on all systems and
> only the RHEL6 based ones had the problem. I''ll redo all tests
tomorrow
> maybe after you released 4.4.24.1.
Given that the problem only affects users that have different logical
and physical names for their interfaces, I''m inclined to wait a few
days
and see if another defect shows up.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

> On Tue, 2011-10-11 at 06:50 -0700, Tom Eastep wrote:
>> On Tue, 2011-10-11 at 06:37 -0700, Tom Eastep wrote:
>>
>> >
>> > You might try this suggestion from the Shorewall TC HOWTO:
>> >
>> >         Note
>> >
>> >         For fast lines, the actually download speed may be well
below
>> >         what you specify here. If you have this problem, then
follow
>> the
>> >         bandwidth with a ":" and a burst size. The
default burst is
>> >         10kb, but on my 50mbit line, I specify 200kb.
(50mbit:200kb).
>>
>> I shouldn''t email before I have my morning coffee. This
suggestion only
>> works with simple TC.
>>
>
> Okay -- one more time, now that I have had my coffee.
>
> Specifying a burst on your IN-BANDWIDTH should definitely help your
> problem. I would start at 100kb. I seem to recall a user on IRC,
> however, that was experiencing a similar problem. In that case,
> adding a burst did not solve the issue. Don''t recall which distro
and
> version that user was running.
Tom, I tried this but it doesn''t seem to help. I''m not sure
about the
syntax of the burst parameter, the unit "kb" is not mentioned in
tcdevices
manpage, but I tried "kb" and "kbit". If I set it to
"10kbit" then the
connection stalls, if I set "100kb" oder "500kb" it
doesn''t change
anything, I get about 1/20 of the full downstream speed. The only thing
which helps is to set IN-BANDWIDTH to 0 which immediately makes it jump to
full speed.

To test I''m running a big wget job on the firewall itself over the
otherwise unused link and it shows something like "96.3K/s" while any
IN-BANDWIDTH is defined, and it jumps to "2.32M/s" if IN-BANDWIDTH is
set
to 0. The full mandwith is very constant while the limited bandwith is
not, it stays between ~70K/s and ~200K/s.

The same also happened on a faster link with 100Mbps symmetric line.

Update:
I''ve just tried on a RHEL4 system with 50Mbps link. Without burst
defined,
the wget shows about 2.4M/s, after adding "100kb" burst, it shows
4.93M/s,
so the effect is visible.

All systems are running the same shorewall 4.4.24 with almost identical
configurations. The main difference is RHEL4<>RHEL6. Any more ideas?

Thanks,
Simon


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Tue, 11 Oct 2011 10:31:19 +0200
"Simon Matter" <simon.matter@invoca.ch> wrote:
> Hi,
> 
> I''ve just realized that something seems to be wrong with traffic
> shaping on two systems which were running RHEL4 and are now running
> RHEL6. While trying to find what is wrong I even simplified the
> config but it just doesn''t seem to work as it has with EL4. The
test
> config looks like this (eth2 is the "internet" interface):
> 
> in shorewall.conf I have:
> TC_ENABLED=Internal
> 
> tcdevices:
> #NUMBER:        IN-BANDWITH     OUT-BANDWIDTH   OPTIONS
> REDIRECTED
> #INTERFACE
> INTERFACES eth2            20000kbit       2000kbit
> 
> tcclasses:
> #INTERFACE:CLASS        MARK    RATE:           CEIL
> PRIORITY OPTIONS
> #                               DMAX:UMAX
> eth2            1       full/4  full            1      
> tcp-ack,tos-minimize-delay
> eth2            2       full/4  full            2       default
> eth2            3       full/8  full*8/10       2
Your config is wrong:

RATE - rate[:dmax[:umax]]
      The minimum bandwidth this class should get, when the
      traffic load rises. If the sum of the rates in this column
      exceeds the INTERFACE''s OUT-BANDWIDTH, then the OUT-BANDWIDTH
      limit may not be honored. Similarly, if the sum of the rates of
      sub-classes of a class exceed the CEIL of the parent class,
      things don''t work well.

I use this which works fine with kernel 2.6.32-131.17.1.el6:

eth2  1  5*full/10  full      1  tcp-ack,tos-minimize-delay
eth2  2  3*full/10  9*full/10 2  default
eth2  3  2*full/10  8*full/10 2


-- 
Tuomo Soini <tis@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Wed, 2011-10-12 at 13:32 +0300, Tuomo Soini wrote:
> Your config is wrong:
> 
> RATE - rate[:dmax[:umax]]
>       The minimum bandwidth this class should get, when the
>       traffic load rises. If the sum of the rates in this column
>       exceeds the INTERFACE''s OUT-BANDWIDTH, then the
OUT-BANDWIDTH
>       limit may not be honored. Similarly, if the sum of the rates of
>       sub-classes of a class exceed the CEIL of the parent class,
>       things don''t work well.
> 
> I use this which works fine with kernel 2.6.32-131.17.1.el6:
> 
> eth2  1  5*full/10  full      1  tcp-ack,tos-minimize-delay
> eth2  2  3*full/10  9*full/10 2  default
> eth2  3  2*full/10  8*full/10 2
> 
Simon''s problem is with download, not upload.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Wed, 2011-10-12 at 09:49 +0200, Simon Matter wrote:
> Tom, I tried this but it doesn''t seem to help. I''m not
sure about the
> syntax of the burst parameter, the unit "kb" is not mentioned in
tcdevices
> manpage, but I tried "kb" and "kbit". If I set it to
"10kbit" then the
> connection stalls, if I set "100kb" oder "500kb" it
doesn''t change
> anything, I get about 1/20 of the full downstream speed. The only thing
> which helps is to set IN-BANDWIDTH to 0 which immediately makes it jump to
> full speed.
> 
> To test I''m running a big wget job on the firewall itself over the
> otherwise unused link and it shows something like "96.3K/s" while
any
> IN-BANDWIDTH is defined, and it jumps to "2.32M/s" if
IN-BANDWIDTH is set
> to 0. The full mandwith is very constant while the limited bandwith is
> not, it stays between ~70K/s and ~200K/s.
> 
> The same also happened on a faster link with 100Mbps symmetric line.
> 
> Update:
> I''ve just tried on a RHEL4 system with 50Mbps link. Without burst
defined,
> the wget shows about 2.4M/s, after adding "100kb" burst, it shows
4.93M/s,
> so the effect is visible.
> 
> All systems are running the same shorewall 4.4.24 with almost identical
> configurations. The main difference is RHEL4<>RHEL6. Any more ideas?
No, sorry - I''ve tried to reproduce this problem on Foobar6.1 which is
RHEL6-based and I''m seeing no problem.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Wed, 2011-10-12 at 06:48 -0700, Tom Eastep wrote:
> No, sorry - I''ve tried to reproduce this problem on Foobar6.1
which is
> RHEL6-based and I''m seeing no problem.
I''ve done a bit more testing. Foobar6.1 is running kernel
2.6.32-131.17.1 whereas my Centos6 installation is running
2.6.32-71.29.1. Foobar6.1 works as expected while Centos6 shows download
speeds significantly below IN-BANDWIDTH. I''m seeing 22-23Mbit when I
set
the IN-BANDWIDTH to 30mbit. While that is not as bad as you are seeing,
it shows that there are significant differences between RHEL6 kernel
versions.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

> On Wed, 2011-10-12 at 06:48 -0700, Tom Eastep wrote:
>
>> No, sorry - I''ve tried to reproduce this problem on Foobar6.1
which is
>> RHEL6-based and I''m seeing no problem.
>
> I''ve done a bit more testing. Foobar6.1 is running kernel
> 2.6.32-131.17.1 whereas my Centos6 installation is running
> 2.6.32-71.29.1. Foobar6.1 works as expected while Centos6 shows download
> speeds significantly below IN-BANDWIDTH. I''m seeing 22-23Mbit when
I set
> the IN-BANDWIDTH to 30mbit. While that is not as bad as you are seeing,
> it shows that there are significant differences between RHEL6 kernel
> versions.
Hm, I have to redo my tests then. My initial testing was with CentOS 6 on
box A. Box B also and still runs CentOS 6 while box A now runs stock
RHEL6.1 kernel. So, it may be that only the testbox running CentOS is
affected, I''ll test it later today.

Thanks,
Simon


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Wed, 2011-10-12 at 17:53 +0200, Simon Matter wrote:
> > On Wed, 2011-10-12 at 06:48 -0700, Tom Eastep wrote:
> >
> >> No, sorry - I''ve tried to reproduce this problem on
Foobar6.1 which is
> >> RHEL6-based and I''m seeing no problem.
> >
> > I''ve done a bit more testing. Foobar6.1 is running kernel
> > 2.6.32-131.17.1 whereas my Centos6 installation is running
> > 2.6.32-71.29.1. Foobar6.1 works as expected while Centos6 shows
download
> > speeds significantly below IN-BANDWIDTH. I''m seeing 22-23Mbit
when I set
> > the IN-BANDWIDTH to 30mbit. While that is not as bad as you are
seeing,
> > it shows that there are significant differences between RHEL6 kernel
> > versions.
> 
> Hm, I have to redo my tests then. My initial testing was with CentOS 6 on
> box A. Box B also and still runs CentOS 6 while box A now runs stock
> RHEL6.1 kernel. So, it may be that only the testbox running CentOS is
> affected, I''ll test it later today.
I added the centos-cr repo and updated my CentOS 6 VM. It now runs at
full speed.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

> On Wed, 2011-10-12 at 17:53 +0200, Simon Matter wrote:
>> > On Wed, 2011-10-12 at 06:48 -0700, Tom Eastep wrote:
>> >
>> >> No, sorry - I''ve tried to reproduce this problem on
Foobar6.1 which
>> is
>> >> RHEL6-based and I''m seeing no problem.
>> >
>> > I''ve done a bit more testing. Foobar6.1 is running kernel
>> > 2.6.32-131.17.1 whereas my Centos6 installation is running
>> > 2.6.32-71.29.1. Foobar6.1 works as expected while Centos6 shows
>> download
>> > speeds significantly below IN-BANDWIDTH. I''m seeing
22-23Mbit when I
>> set
>> > the IN-BANDWIDTH to 30mbit. While that is not as bad as you are
>> seeing,
>> > it shows that there are significant differences between RHEL6
kernel
>> > versions.
>>
>> Hm, I have to redo my tests then. My initial testing was with CentOS 6
>> on
>> box A. Box B also and still runs CentOS 6 while box A now runs stock
>> RHEL6.1 kernel. So, it may be that only the testbox running CentOS is
>> affected, I''ll test it later today.
>
> I added the centos-cr repo and updated my CentOS 6 VM. It now runs at
> full speed.
The testbox I''m using is CentOS6 with CR enabled. Now, I also updated
the
kernel to 2.6.32-131.17.1.el6.x86_64 from RedHat, and it doesn''t change
anything. Download with wget shows something between 30 and 200K/s, while
after disabling TC it gets 2.2M/s.
The only solution I found is TC_ENABLED=Internal -> TC_ENABLED=No :(

Regards,
Simon



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

> On Wed, 2011-10-12 at 17:53 +0200, Simon Matter wrote:
>> > On Wed, 2011-10-12 at 06:48 -0700, Tom Eastep wrote:
>> >
>> >> No, sorry - I''ve tried to reproduce this problem on
Foobar6.1 which
>> is
>> >> RHEL6-based and I''m seeing no problem.
>> >
>> > I''ve done a bit more testing. Foobar6.1 is running kernel
>> > 2.6.32-131.17.1 whereas my Centos6 installation is running
>> > 2.6.32-71.29.1. Foobar6.1 works as expected while Centos6 shows
>> download
>> > speeds significantly below IN-BANDWIDTH. I''m seeing
22-23Mbit when I
>> set
>> > the IN-BANDWIDTH to 30mbit. While that is not as bad as you are
>> seeing,
>> > it shows that there are significant differences between RHEL6
kernel
>> > versions.
>>
>> Hm, I have to redo my tests then. My initial testing was with CentOS 6
>> on
>> box A. Box B also and still runs CentOS 6 while box A now runs stock
>> RHEL6.1 kernel. So, it may be that only the testbox running CentOS is
>> affected, I''ll test it later today.
>
> I added the centos-cr repo and updated my CentOS 6 VM. It now runs at
> full speed.
Tom, did you test with complex TC or simple TC?
I''ve just tested adding burst on one of the existing EL4 systems and it
indeed increases the download speed to almost full speed. However, the
same config on the EL6 box just doesn''t work at all even with the
latest
official RHEL6.1 kernel.

Thanks,
Simon


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Oct 13, 2011, at 1:22 PM, Simon Matter wrote:
> 
> Tom, did you test with complex TC or simple TC?
> I''ve just tested adding burst on one of the existing EL4 systems
and it
> indeed increases the download speed to almost full speed. However, the
> same config on the EL6 box just doesn''t work at all even with the
latest
> official RHEL6.1 kernel.

Simon,

I tested using Simple TC.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Oct 13, 2011, at 7:18 PM, Tom Eastep wrote:
> 
> On Oct 13, 2011, at 1:22 PM, Simon Matter wrote:
>> 
>> Tom, did you test with complex TC or simple TC?
>> I''ve just tested adding burst on one of the existing EL4
systems and it
>> indeed increases the download speed to almost full speed. However, the
>> same config on the EL6 box just doesn''t work at all even with
the latest
>> official RHEL6.1 kernel.
> 
> 
> Simon,
> 
> I tested using Simple TC.
> 
As far as I know, IN-BANDWIDTH handling is identical in Internal and Simple.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Oct 13, 2011, at 7:27 PM, Tom Eastep wrote:
> 
> On Oct 13, 2011, at 7:18 PM, Tom Eastep wrote:
> 
>> 
>> On Oct 13, 2011, at 1:22 PM, Simon Matter wrote:
>>> 
>>> Tom, did you test with complex TC or simple TC?
>>> I''ve just tested adding burst on one of the existing EL4
systems and it
>>> indeed increases the download speed to almost full speed. However,
the
>>> same config on the EL6 box just doesn''t work at all even
with the latest
>>> official RHEL6.1 kernel.
>> 
>> 
>> Simon,
>> 
>> I tested using Simple TC.
>> 
> 
> As far as I know, IN-BANDWIDTH handling is identical in Internal and
Simple.
> 
I just configured my Centos6 box with complex TC and it worked just the same.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Thu, 2011-10-13 at 19:57 -0700, Tom Eastep wrote:
> On Oct 13, 2011, at 7:27 PM, Tom Eastep wrote:
> > On Oct 13, 2011, at 7:18 PM, Tom Eastep wrote:
> >> On Oct 13, 2011, at 1:22 PM, Simon Matter wrote:
> >>> 
> >>> Tom, did you test with complex TC or simple TC?
> >>> I''ve just tested adding burst on one of the existing
EL4 systems and it
> >>> indeed increases the download speed to almost full speed.
However, the
> >>> same config on the EL6 box just doesn''t work at all
even with the latest
> >>> official RHEL6.1 kernel.
> >> 
> >> I tested using Simple TC.
> >> 
> > As far as I know, IN-BANDWIDTH handling is identical in Internal and
Simple.
> > 
> I just configured my Centos6 box with complex TC and it worked just the
same.
> 
Grasping at straws, here is the Tc.pm that I''m releasing in 4.4.25 Beta
2. While my testing shows that it makes IN-BANDWIDTH enforcement more
accurate, I am not hopeful that it will help your issue.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

> On Thu, 2011-10-13 at 19:57 -0700, Tom Eastep wrote:
>> On Oct 13, 2011, at 7:27 PM, Tom Eastep wrote:
>> > On Oct 13, 2011, at 7:18 PM, Tom Eastep wrote:
>> >> On Oct 13, 2011, at 1:22 PM, Simon Matter wrote:
>> >>>
>> >>> Tom, did you test with complex TC or simple TC?
>> >>> I''ve just tested adding burst on one of the
existing EL4 systems and
>> it
>> >>> indeed increases the download speed to almost full speed.
However,
>> the
>> >>> same config on the EL6 box just doesn''t work at
all even with the
>> latest
>> >>> official RHEL6.1 kernel.
>> >>
>> >> I tested using Simple TC.
>> >>
>> > As far as I know, IN-BANDWIDTH handling is identical in Internal
and
>> Simple.
>> >
>> I just configured my Centos6 box with complex TC and it worked just the
>> same.
>>
>
> Grasping at straws, here is the Tc.pm that I''m releasing in 4.4.25
Beta
> 2. While my testing shows that it makes IN-BANDWIDTH enforcement more
> accurate, I am not hopeful that it will help your issue.
Thanks Tom, I appreciate your help!
I have tried the whole thing as you did with KVM - and of course it worked
as it did for you.
Finally, before giving up, I went to the box, put in a simple USB ethenet
adapter, and voilà - it works perfec :)
That means to me it must be some of the offloading stuff. I tried the
settings from the shorewall FAQ but without success, so I have to check
again, I either did something wrong in the tests or my adapter needs other
settings. I''ll come back with more infos.

Regards,
Simon


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Fri, 2011-10-14 at 16:40 +0200, Simon Matter wrote:
> Thanks Tom, I appreciate your help!
> I have tried the whole thing as you did with KVM - and of course it worked
> as it did for you.
> Finally, before giving up, I went to the box, put in a simple USB ethenet
> adapter, and voilà - it works perfec :)
> That means to me it must be some of the offloading stuff. I tried the
> settings from the shorewall FAQ but without success, so I have to check
> again, I either did something wrong in the tests or my adapter needs other
> settings. I''ll come back with more infos.
Simon,

Interesting - so far, the offloading problems have only produced slow
upload and not slow download. I''ll look forward to hearing what you
find
out.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

>> On Thu, 2011-10-13 at 19:57 -0700, Tom Eastep wrote:
>>> On Oct 13, 2011, at 7:27 PM, Tom Eastep wrote:
>>> > On Oct 13, 2011, at 7:18 PM, Tom Eastep wrote:
>>> >> On Oct 13, 2011, at 1:22 PM, Simon Matter wrote:
>>> >>>
>>> >>> Tom, did you test with complex TC or simple TC?
>>> >>> I''ve just tested adding burst on one of the
existing EL4 systems
>>> and
>>> it
>>> >>> indeed increases the download speed to almost full
speed. However,
>>> the
>>> >>> same config on the EL6 box just doesn''t work
at all even with the
>>> latest
>>> >>> official RHEL6.1 kernel.
>>> >>
>>> >> I tested using Simple TC.
>>> >>
>>> > As far as I know, IN-BANDWIDTH handling is identical in
Internal and
>>> Simple.
>>> >
>>> I just configured my Centos6 box with complex TC and it worked just
the
>>> same.
>>>
>>
>> Grasping at straws, here is the Tc.pm that I''m releasing in
4.4.25 Beta
>> 2. While my testing shows that it makes IN-BANDWIDTH enforcement more
>> accurate, I am not hopeful that it will help your issue.
>
> Thanks Tom, I appreciate your help!
> I have tried the whole thing as you did with KVM - and of course it worked
> as it did for you.
> Finally, before giving up, I went to the box, put in a simple USB ethenet
> adapter, and voilà - it works perfec :)
> That means to me it must be some of the offloading stuff. I tried the
> settings from the shorewall FAQ but without success, so I have to check
> again, I either did something wrong in the tests or my adapter needs other
> settings. I''ll come back with more infos.
Finally, disabling generic-receive-offload fixes the whole mess :)

Tom, maybe you could update the FAQ like this:

- ethtool -k ethN tso off gso off
+ ethtool -K ethN tso off gso off gro off

(Note the -K instead -k as well)

Of maybe even like this to be sure:

ethtool -K ethN tso off ufo off gso off gro off

I''m wondering if it would make sense to integrate some means into
shorewall to handle offloading on all devices where tc rules apply?

Thanks for you patience!

Regards,
Simon


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

>>> On Thu, 2011-10-13 at 19:57 -0700, Tom Eastep wrote:
>>>> On Oct 13, 2011, at 7:27 PM, Tom Eastep wrote:
>>>> > On Oct 13, 2011, at 7:18 PM, Tom Eastep wrote:
>>>> >> On Oct 13, 2011, at 1:22 PM, Simon Matter wrote:
>>>> >>>
>>>> >>> Tom, did you test with complex TC or simple TC?
>>>> >>> I''ve just tested adding burst on one of
the existing EL4 systems
>>>> and
>>>> it
>>>> >>> indeed increases the download speed to almost full
speed. However,
>>>> the
>>>> >>> same config on the EL6 box just doesn''t
work at all even with the
>>>> latest
>>>> >>> official RHEL6.1 kernel.
>>>> >>
>>>> >> I tested using Simple TC.
>>>> >>
>>>> > As far as I know, IN-BANDWIDTH handling is identical in
Internal and
>>>> Simple.
>>>> >
>>>> I just configured my Centos6 box with complex TC and it worked
just
>>>> the
>>>> same.
>>>>
>>>
>>> Grasping at straws, here is the Tc.pm that I''m releasing
in 4.4.25 Beta
>>> 2. While my testing shows that it makes IN-BANDWIDTH enforcement
more
>>> accurate, I am not hopeful that it will help your issue.
>>
>> Thanks Tom, I appreciate your help!
>> I have tried the whole thing as you did with KVM - and of course it
>> worked
>> as it did for you.
>> Finally, before giving up, I went to the box, put in a simple USB
>> ethenet
>> adapter, and voilà - it works perfec :)
>> That means to me it must be some of the offloading stuff. I tried the
>> settings from the shorewall FAQ but without success, so I have to check
>> again, I either did something wrong in the tests or my adapter needs
>> other
>> settings. I''ll come back with more infos.
>
> Finally, disabling generic-receive-offload fixes the whole mess :)
>
> Tom, maybe you could update the FAQ like this:
>
> - ethtool -k ethN tso off gso off
> + ethtool -K ethN tso off gso off gro off
>
> (Note the -K instead -k as well)
>
> Of maybe even like this to be sure:
>
> ethtool -K ethN tso off ufo off gso off gro off
Please forget this one   ^^^^^^^^^, udp-fragmentation-offload can not be
disabled at least on my systems, is is off by default for me.

Simon


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Fri, 2011-10-14 at 17:45 +0200, Simon Matter wrote:
> >
> > Finally, disabling generic-receive-offload fixes the whole mess :)
> >
> > Tom, maybe you could update the FAQ like this:
> >
> > - ethtool -k ethN tso off gso off
> > + ethtool -K ethN tso off gso off gro off
> >
> > (Note the -K instead -k as well)
> >
> > Of maybe even like this to be sure:
> >
> > ethtool -K ethN tso off ufo off gso off gro off
> 
> Please forget this one   ^^^^^^^^^, udp-fragmentation-offload can not be
> disabled at least on my systems, is is off by default for me.
Thanks, Simon

I''ve added FAQ 97a which deals with slow download.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Oct 14, 2011, at 8:45 AM, Simon Matter wrote:
>> 
>> Finally, disabling generic-receive-offload fixes the whole mess :)
>> 
For future reference, what type of NIC do you have that shows this behavior?

Thanks,
-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Oct 15, 2011, at 1:17 PM, Tom Eastep wrote:
> 
> On Oct 14, 2011, at 8:45 AM, Simon Matter wrote:
>>> 
>>> Finally, disabling generic-receive-offload fixes the whole mess :)
>>> 
> 
> For future reference, what type of NIC do you have that shows this
behavior?
> 
Two bits of good news:

1) I''ve been able to reproduce this with a common Realtek Gigabit card:

02:03.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit
Ethernet (rev 10)
	Subsystem: Netgear GA311
	Flags: bus master, 66MHz, medium devsel, latency 64, IRQ 23
	I/O ports at b400 [size=256]
	Memory at ff5ff400 (32-bit, non-prefetchable) [size=256]
	Expansion ROM at ff5c0000 [disabled] [size=128K]
	Capabilities: [dc] Power Management version 2
	Kernel driver in use: r8169

2) I have been able to modify Shorewall IN-BANDWIDTH handling to avoid the
problem.

   Up to this time, Shorewall has generated a rate/burst policing filter. This
type of filter seems particularly incompatible with GRO.

   The attached Tc.pm allows you to configure a rate estimated policing filter.
To do that, precede the bandwidth with ''~''.

	Example: ~40mbit

   There are two optional parameters that can be added - interval and decay
interval.

        Example: ~40mbit:1sec:8sec

   If not specified, the defaults for these two parameters are 250ms and 4sec.
For an excellent explanation of the parameters, see
http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

>
> On Oct 14, 2011, at 8:45 AM, Simon Matter wrote:
>>>
>>> Finally, disabling generic-receive-offload fixes the whole mess :)
>>>
>
> For future reference, what type of NIC do you have that shows this
> behavior?

It''s an intel adapter as shown below.

Regards,
Simon

02:00.1 Ethernet controller: Intel Corporation 82575EB Gigabit Network
Connection (rev 02)
        Subsystem: Super Micro Computer Inc Device 10a7
        Flags: bus master, fast devsel, latency 0, IRQ 19
        Memory at fe8a0000 (32-bit, non-prefetchable) [size=128K]
        Memory at fe200000 (32-bit, non-prefetchable) [size=2M]
        I/O ports at e400 [size=32]
        Memory at fe8d8000 (32-bit, non-prefetchable) [size=16K]
        Expansion ROM at fe000000 [disabled] [size=2M]
        Capabilities: [40] Power Management version 2
        Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+
        Capabilities: [60] MSI-X: Enable+ Count=10 Masked-
        Capabilities: [a0] Express Endpoint, MSI 00
        Capabilities: [100] Advanced Error Reporting
        Capabilities: [140] Device Serial Number 00-25-90-ff-ff-35-ad-ac
        Kernel driver in use: igb
        Kernel modules: igb


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

>
> On Oct 15, 2011, at 1:17 PM, Tom Eastep wrote:
>
>>
>> On Oct 14, 2011, at 8:45 AM, Simon Matter wrote:
>>>>
>>>> Finally, disabling generic-receive-offload fixes the whole mess
:)
>>>>
>>
>> For future reference, what type of NIC do you have that shows this
>> behavior?
>>
>
> Two bits of good news:
>
> 1) I''ve been able to reproduce this with a common Realtek Gigabit
card:
>
> 02:03.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8169
> Gigabit Ethernet (rev 10)
> 	Subsystem: Netgear GA311
> 	Flags: bus master, 66MHz, medium devsel, latency 64, IRQ 23
> 	I/O ports at b400 [size=256]
> 	Memory at ff5ff400 (32-bit, non-prefetchable) [size=256]
> 	Expansion ROM at ff5c0000 [disabled] [size=128K]
> 	Capabilities: [dc] Power Management version 2
> 	Kernel driver in use: r8169
Thanks Tom, I guess then it''s quite common with many systems now.
I''ve
checked different cards now. A Intel 82574L and a Broadcom BCM5723 have
GRO disabled while on a Intel 82575EB it''s enabled, all on RHEL6.
>
> 2) I have been able to modify Shorewall IN-BANDWIDTH handling to avoid the
> problem.
>
>    Up to this time, Shorewall has generated a rate/burst policing filter.
> This type of filter seems particularly incompatible with GRO.
>
>    The attached Tc.pm allows you to configure a rate estimated policing
> filter. To do that, precede the bandwidth with ''~''.
>
> 	Example: ~40mbit
>
>    There are two optional parameters that can be added - interval and
> decay interval.
>
>         Example: ~40mbit:1sec:8sec
>
>    If not specified, the defaults for these two parameters are 250ms and
> 4sec. For an excellent explanation of the parameters, see
> http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt
Thanks, I quickly tested it on one of the existing systems with 4.4.24 but
it fails to compile - I guess I need 4.4.25beta for it.
How about the upload issue in FAQ97, I guess it doesn''t change even
with
the new code? I think I may still switch off the offloading on all
adapters where shaping is used just to be sure.

Thanks,
Simon


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Mon, 2011-10-17 at 13:14 +0200, Simon Matter wrote:
> 
> Thanks, I quickly tested it on one of the existing systems with 4.4.24 but
> it fails to compile - I guess I need 4.4.25beta for it.
Just tested the attached version on 4.4.24.1.
> How about the upload issue in FAQ97, I guess it doesn''t change
even with
> the new code?
No - the new code strictly deals with IN-BANDWIDTH while FAQ97 deals
with OUT-BANDWIDTH.
> I think I may still switch off the offloading on all
> adapters where shaping is used just to be sure.
Hopefully, you can use the new estimator-based policing and can avoid
having to switch it off.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

> On Mon, 2011-10-17 at 13:14 +0200, Simon Matter wrote:
>
>>
>> Thanks, I quickly tested it on one of the existing systems with 4.4.24
>> but
>> it fails to compile - I guess I need 4.4.25beta for it.
>
> Just tested the attached version on 4.4.24.1.
That''s what I get:

# shorewall check
Checking...
Global symbol "$rate" requires explicit package name at
/usr/libexec/shorewall/Shorewall/Tc.pm line 583.
BEGIN not safe after errors--compilation aborted at
/usr/libexec/shorewall/Shorewall/Tc.pm line 831.
Compilation failed in require at
/usr/libexec/shorewall/Shorewall/Compiler.pm line 31.
BEGIN failed--compilation aborted at
/usr/libexec/shorewall/Shorewall/Compiler.pm line 31.
Compilation failed in require at /usr/libexec/shorewall/compiler.pl line 44.
BEGIN failed--compilation aborted at /usr/libexec/shorewall/compiler.pl
line 44.

What am I missing?

Thanks,
Simon


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Tue, 2011-10-18 at 07:25 +0200, Simon Matter wrote:
> That''s what I get:
> 
> # shorewall check
> Checking...
> Global symbol "$rate" requires explicit package name at
> /usr/libexec/shorewall/Shorewall/Tc.pm line 583.
> BEGIN not safe after errors--compilation aborted at
> /usr/libexec/shorewall/Shorewall/Tc.pm line 831.
> Compilation failed in require at
> /usr/libexec/shorewall/Shorewall/Compiler.pm line 31.
> BEGIN failed--compilation aborted at
> /usr/libexec/shorewall/Shorewall/Compiler.pm line 31.
> Compilation failed in require at /usr/libexec/shorewall/compiler.pl line
44.
> BEGIN failed--compilation aborted at /usr/libexec/shorewall/compiler.pl
> line 44.
> 
> What am I missing?
Looks like you still have the first version installed. The second
version has $rate replaced by $in_rate at line 583.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

> On Tue, 2011-10-18 at 07:25 +0200, Simon Matter wrote:
>
>> That''s what I get:
>>
>> # shorewall check
>> Checking...
>> Global symbol "$rate" requires explicit package name at
>> /usr/libexec/shorewall/Shorewall/Tc.pm line 583.
>> BEGIN not safe after errors--compilation aborted at
>> /usr/libexec/shorewall/Shorewall/Tc.pm line 831.
>> Compilation failed in require at
>> /usr/libexec/shorewall/Shorewall/Compiler.pm line 31.
>> BEGIN failed--compilation aborted at
>> /usr/libexec/shorewall/Shorewall/Compiler.pm line 31.
>> Compilation failed in require at /usr/libexec/shorewall/compiler.pl
line
>> 44.
>> BEGIN failed--compilation aborted at /usr/libexec/shorewall/compiler.pl
>> line 44.
>>
>> What am I missing?
>
> Looks like you still have the first version installed. The second
> version has $rate replaced by $in_rate at line 583.
You''re right, I tested the wrong one.
Now it works and I can confirm that it also works with GRO enabled.

Thanks,
Simon


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct

On Oct 18, 2011, at 9:24 AM, Simon Matter wrote:
> You''re right, I tested the wrong one.
> Now it works and I can confirm that it also works with GRO enabled.

Excellent!

Thanks, Simon

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct