Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-11 Thread [EMAIL PROTECTED]
Bart Schaefer wrote: We're having a spike right now. Doesn't look much different, though: # wc -l /proc/net/ip_conntrack 17141 /proc/net/ip_conntrack # fgrep -cv UNRE /proc/net/ip_conntrack 1310 What are the upstream link parameters (type, up, down, ...), what's the ping on gateway

RE: [CentOS] Performance of CentOS as a NAT gateway

2007-09-11 Thread Ross S. W. Walker
Bart Schaefer wrote: On 9/10/07, John R Pierce [EMAIL PROTECTED] wrote: wireshark can process and display packet capture files from tcpdump -w capture a few megabytes of packets on the appropriate interface of the firewall, then transfer them to a workstation with Wireshark for

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread Bart Schaefer
On 9/9/07, David Hrbáč [EMAIL PROTECTED] wrote: how many connections are on the router (/proc/net/ip_conntrack) ? This is way off-peak time for us (middle of Sunday night PDT) so I suspect looking at this right now is not very useful, but: # cat /proc/net/ip_conntrack | wc -l 15140 # cat

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread [EMAIL PROTECTED]
Bart Schaefer wrote: This is way off-peak time for us (middle of Sunday night PDT) so I suspect looking at this right now is not very useful, but: Well, it's really way-off now. I dare to say it's conntrack anyway. If there are clients behind NAT using P2P... then 1 client can have thousands

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread Bart Schaefer
On 9/9/07, David Hrbáč [EMAIL PROTECTED] wrote: Bart Schaefer wrote: This is way off-peak time for us (middle of Sunday night PDT) so I suspect looking at this right now is not very useful, but: Please do report during peak and net issue time. We're having a spike right now. Doesn't

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread Guy Boisvert
Bart Schaefer wrote: On 9/9/07, David Hrbáč [EMAIL PROTECTED] wrote: how many connections are on the router (/proc/net/ip_conntrack) ? This is way off-peak time for us (middle of Sunday night PDT) so I suspect looking at this right now is not very useful, but: # cat

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread Guy Boisvert
Guy Boisvert wrote: On top of that, I'd say that a PC, with whatever processor you could put, is able to service a certain amount of interrupts / second. [Snip...] Somebody mentioned pfSense. I use it and there is an option that can boost the performance: Using device polling instead of

RE: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread Ross S. W. Walker
Bart Schaefer wrote: On 9/9/07, Barry Brimer [EMAIL PROTECTED] wrote: Maybe it is time for some kernel networking tuning. After doing a bit of research: http://www.acc.umu.se/~maswan/linux-netperf.txt http://wwwx.cs.unc.edu/~sparkst/howto/network_tuning.php

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread Les Mikesell
Bart Schaefer wrote: Or are you saying that LAN-to-LAN traffic maxes out at 10Mbps, it is a little vague. LAN-to-gateway traffic (e.g., a test FTP of a large file from the gateway to a machine on one of the LANs) begins to degrade as the LAN-to-internet traffic increases. That's not

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread gjgowey
Bart Schaefer wrote: On 9/9/07, Barry Brimer [EMAIL PROTECTED] wrote: Maybe it is time for some kernel networking tuning. After doing a bit of research: http://www.acc.umu.se/~maswan/linux-netperf.txt http://wwwx.cs.unc.edu

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread Bart Schaefer
On 9/10/07, Bart Schaefer [EMAIL PROTECTED] wrote: On 9/10/07, Guy Boisvert [EMAIL PROTECTED] wrote: On top of that, I'd say that a PC, with whatever processor you could put, is able to service a certain amount of interrupts / second. # cat /proc/interrupts Ok, so obviously just that

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread John R Pierce
Bart Schaefer wrote: On 9/10/07, Bart Schaefer [EMAIL PROTECTED] wrote: On 9/10/07, Guy Boisvert [EMAIL PROTECTED] wrote: On top of that, I'd say that a PC, with whatever processor you could put, is able to service a certain amount of interrupts / second. # cat /proc/interrupts

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread Bart Schaefer
On 9/10/07, John R Pierce [EMAIL PROTECTED] wrote: wireshark can process and display packet capture files from tcpdump -w capture a few megabytes of packets on the appropriate interface of the firewall, then transfer them to a workstation with Wireshark for analysis. OK, I've got some output

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread gjgowey
On 9/10/07, John R Pierce [EMAIL PROTECTED] wrote: wireshark can process and display packet capture files from tcpdump -w capture a few megabytes of packets on the appropriate interface of the firewall, then transfer them to a workstation with Wireshark for analysis

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread Bart Schaefer
On 9/10/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: How about putting the file contents on pastebin and posting the link? Unfortunately there's customer data in there that I'm not at liberty to make public. ___ CentOS mailing list CentOS@centos.org

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread gjgowey
On 9/10/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: How about putting the file contents on pastebin and posting the link? Unfortunately there's customer data in there that I'm not at liberty

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread Bart Schaefer
On 9/10/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: If you feel like learning sed ;) I suspect I've been scripting sed since you were about 7 years old. :-) I don't think even recent GNU sed is going to handle tcpdump output very well.

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-10 Thread gjgowey
Scripting in sed for 20+ years? Masochist! :-) Geoff -Original Message- From: Bart Schaefer [EMAIL PROTECTED] Date: Mon, 10 Sep 2007 20:48:21 To:CentOS mailing list centos@centos.org Subject: Re: [CentOS] Performance of CentOS as a NAT

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-09 Thread Bart Schaefer
On 9/9/07, Robert - elists [EMAIL PROTECTED] wrote: What switch is it? LinkSys Etherfast, a couple of years old now (I'd have to go to our colocation site to look in the cabinet to get the exact model). It's a plain dumb switch, no management interface. Evidently, there must be a switch on

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-09 Thread Barry Brimer
The other side is a high-end Cisco router managed by our ISP. It's their router statistics that tell us we're peaking at just over 10Mb/s coming out of the gateway box. That was where we first assumed the problem must be, so we've been working with them on this problem for some while now and

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-09 Thread Bart Schaefer
On 9/8/07, Ross S. W. Walker [EMAIL PROTECTED] wrote: Has the Internet interface reached its max capacity? No. Or are you saying that LAN-to-LAN traffic maxes out at 10Mbps, it is a little vague. LAN-to-gateway traffic (e.g., a test FTP of a large file from the gateway to a machine on one

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-09 Thread Bart Schaefer
On 9/9/07, Barry Brimer [EMAIL PROTECTED] wrote: What is the speed of the link between you and the ISP? 100Mb/s. Do they have other customer sites that are set up the same way as yours that get significantly better performance? They don't have any other sites set up this way to compare.

RE: [CentOS] Performance of CentOS as a NAT gateway

2007-09-09 Thread Ross S. W. Walker
Bart Schaefer wrote: On 9/9/07, Barry Brimer [EMAIL PROTECTED] wrote: What is the speed of the link between you and the ISP? 100Mb/s. Do they have other customer sites that are set up the same way as yours that get significantly better performance? They don't have any other

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-09 Thread Barry Brimer
LAN-to-gateway traffic (e.g., a test FTP of a large file from the gateway to a machine on one of the LANs) begins to degrade as the LAN-to-internet traffic increases. That's not surprising, but it degrades disproportionately, i.e. when the FTP begins to show intermittent stalls, the total

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-09 Thread Bart Schaefer
On 9/9/07, Barry Brimer [EMAIL PROTECTED] wrote: Maybe it is time for some kernel networking tuning. Add the following lines to /etc/sysctl.conf Thanks, will try. Question: Why does ip_local_port_range matter?

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-09 Thread Jordi Espasa Clofent
You have said that the box performs only routing functions, so... it's not a CentOS-related item, but maybe you should consider purchasing and learning to manage a pfSense appliance[1]. It's simply wonderful. http://www.pfsense.com/ -- Thanks, Jordi Espasa Clofent

[CentOS] Performance of CentOS as a NAT gateway

2007-09-08 Thread Bart Schaefer
We have a single 3GHz P4 box w/2GB RAM running CentOS 3.8, acting as a gateway, which serves multiple IP addresses, having one virtual interface for each IP, e.g., eth0:1, eth0:2, etc. These interfaces/IPs are on the public internet. Each of these IP addresses is the NAT address for a different

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-08 Thread Barry Brimer
On Sat, 8 Sep 2007, Bart Schaefer wrote: We have a single 3GHz P4 box w/2GB RAM running CentOS 3.8, acting as a gateway, which serves multiple IP addresses, having one virtual interface for each IP, e.g., eth0:1, eth0:2, etc. These interfaces/IPs are on the public internet. Each of these IP

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-08 Thread Bart Schaefer
On 9/8/07, Barry Brimer [EMAIL PROTECTED] wrote: Have you checked speed and duplex settings? All NICs on all machines involved report exactly the same: negotiated 100baseTx-FD flow-control, link ok We've also checked ifconfig on all interfaces, and no errors, dropped packets, overruns, nor

Re: [CentOS] Performance of CentOS as a NAT gateway

2007-09-08 Thread Mark D. Foster
Bart Schaefer wrote: On 9/8/07, Barry Brimer [EMAIL PROTECTED] wrote: Have you checked speed and duplex settings? All NICs on all machines involved report exactly the same: negotiated 100baseTx-FD flow-control, link ok We've also checked ifconfig on all interfaces, and no