> On Tue, 2011-10-11 at 06:50 -0700, Tom Eastep wrote: >> On Tue, 2011-10-11 at 06:37 -0700, Tom Eastep wrote: >> >> > >> > You might try this suggestion from the Shorewall TC HOWTO: >> > >> > Note >> > >> > For fast lines, the actually download speed may be well below >> > what you specify here. If you have this problem, then follow >> the >> > bandwidth with a ":" and a burst size. The default burst is >> > 10kb, but on my 50mbit line, I specify 200kb. (50mbit:200kb). >> >> I shouldn't email before I have my morning coffee. This suggestion only >> works with simple TC. >> > > Okay -- one more time, now that I have had my coffee. > > Specifying a burst on your IN-BANDWIDTH should definitely help your > problem. I would start at 100kb. I seem to recall a user on IRC, > however, that was experiencing a similar problem. In that case, > adding a burst did not solve the issue. Don't recall which distro and > version that user was running.
Tom, I tried this but it doesn't seem to help. I'm not sure about the syntax of the burst parameter, the unit "kb" is not mentioned in tcdevices manpage, but I tried "kb" and "kbit". If I set it to "10kbit" then the connection stalls, if I set "100kb" oder "500kb" it doesn't change anything, I get about 1/20 of the full downstream speed. The only thing which helps is to set IN-BANDWIDTH to 0 which immediately makes it jump to full speed. To test I'm running a big wget job on the firewall itself over the otherwise unused link and it shows something like "96.3K/s" while any IN-BANDWIDTH is defined, and it jumps to "2.32M/s" if IN-BANDWIDTH is set to 0. The full mandwith is very constant while the limited bandwith is not, it stays between ~70K/s and ~200K/s. The same also happened on a faster link with 100Mbps symmetric line. Update: I've just tried on a RHEL4 system with 50Mbps link. Without burst defined, the wget shows about 2.4M/s, after adding "100kb" burst, it shows 4.93M/s, so the effect is visible. All systems are running the same shorewall 4.4.24 with almost identical configurations. The main difference is RHEL4<>RHEL6. Any more ideas? Thanks, Simon ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2d-oct _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
