On Fri, May 4, 2012 at 6:49 PM, Tom Eastep <teastep@shorewall.net>
wrote:> On 5/4/12 4:37 PM, Tom Eastep wrote:
>> On 5/4/12 11:49 AM, Brad Clarke wrote:
>>> I''m using shorewall 4.5.2.4 on Ubuntu 10.04.
>>>
>>> During a "shorewall restart" I get about a 10 second
pause after
>>> seeing this "Setting up Traffic Control...". I just tried
it with
>>> "shorewall -vv restart" and the problem seems to be about
a second
>>> each of "IP Address x.x.x.x added to interface vlan###",
one for each
>>> external IP in my nat file since I do have ADD_IP_ALIASES=Yes. Is
>>> there any way to eliminate the delay while retaining this setup?
I''m
>>> hoping to avoid creating aliased interfaces in
/etc/network/interfaces
>>> and setting ADD_IP_ALIASES=No, but if that''s the only way
then that''s
>>> what I''ll do.
>>
>> How many addresses are you adding?
>
> And how fast is the hardware you are using?
>
~10 addresses, depends on which router. Hardware is pretty new, 3 are
VMs one is physical. One of the VMs is below, the physical one is
similar but beefier.
bclarke@hsv-router:~$ annotate-output sudo shorewall -vv restart
11:40:41 I: Started sudo shorewall -vv restart
11:40:42 O: Restarting Shorewall....
11:40:42 O: Initializing...
11:40:42 O: Loading Modules...
11:40:42 O: Processing /etc/shorewall/init ...
11:40:42 E: RTNETLINK answers: File exists
11:40:42 E: RTNETLINK answers: File exists
11:40:42 E: RTNETLINK answers: File exists
11:40:42 E: RTNETLINK answers: File exists
11:40:42 O: Setting up Route Filtering...
11:40:42 O: Setting up Martian Logging...
11:40:42 O: Setting up Proxy ARP...
11:40:42 O: Host x.x.x.219 connected to vlan711 added to ARP on vlan710
11:40:42 O: Host x.x.x.221 connected to vlan711 added to ARP on vlan710
11:40:42 O: Host x.x.x.248 connected to vlan711 added to ARP on vlan710
11:40:42 O: Host x.x.x.249 connected to vlan711 added to ARP on vlan710
11:40:42 O: Host x.x.x.250 connected to vlan711 added to ARP on vlan710
11:40:42 O: Host x.x.x.251 connected to vlan711 added to ARP on vlan710
11:40:42 O: Shorewall-generated routing tables and routing rules removed
11:40:42 O: Null Routing the RFC 1918 subnets
11:40:42 O: Setting up Traffic Control...
11:40:42 O: Adding IP Addresses...
11:40:43 O: IP Address x.x.x.193 added to interface vlan710
11:40:44 O: IP Address x.x.x.194 added to interface vlan710
11:40:45 O: IP Address x.x.x.200 added to interface vlan710
11:40:46 O: IP Address x.x.x.202 added to interface vlan710
11:40:47 O: IP Address x.x.x.203 added to interface vlan710
11:40:49 O: IP Address x.x.x.207 added to interface vlan710
11:40:50 O: IP Address x.x.x.214 added to interface vlan710
11:40:51 O: IP Address x.x.x.216 added to interface vlan710
11:40:52 O: IP Address x.x.x.220 added to interface vlan710
11:40:53 O: IP Address x.x.x.225 added to interface vlan710
11:40:53 O: Preparing iptables-restore input...
11:40:53 O: Running /sbin/iptables-restore...
11:40:53 O: IPv4 Forwarding Enabled
11:40:53 O: done.
11:40:53 I: Finished with exitcode 0
bclarke@hsv-router:~$ cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 23
model name : Intel(R) Xeon(R) CPU X5460 @ 3.16GHz
stepping : 6
cpu MHz : 3158.750
cache size : 6144 KB
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss syscall nx lm
constant_tsc arch_perfmon pebs bts rep_good tsc_reliable nonstop_tsc
aperfmperf pni ssse3 cx16 sse4_1 hypervisor lahf_lm
bogomips : 6317.50
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management:
processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 23
model name : Intel(R) Xeon(R) CPU X5460 @ 3.16GHz
stepping : 6
cpu MHz : 3158.750
cache size : 6144 KB
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss syscall nx lm
constant_tsc arch_perfmon pebs bts rep_good tsc_reliable nonstop_tsc
aperfmperf pni ssse3 cx16 sse4_1 hypervisor lahf_lm
bogomips : 6317.50
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management:
bclarke@hsv-router:~$ free
total used free shared buffers cached
Mem: 1023192 952868 70324 0 198900 522976
-/+ buffers/cache: 230992 792200
Swap: 407544 0 407544
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today''s security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/