> > On Oct 15, 2011, at 1:17 PM, Tom Eastep wrote: > >> >> On Oct 14, 2011, at 8:45 AM, Simon Matter wrote: >>>> >>>> Finally, disabling generic-receive-offload fixes the whole mess :) >>>> >> >> For future reference, what type of NIC do you have that shows this >> behavior? >> > > Two bits of good news: > > 1) I've been able to reproduce this with a common Realtek Gigabit card: > > 02:03.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8169 > Gigabit Ethernet (rev 10) > Subsystem: Netgear GA311 > Flags: bus master, 66MHz, medium devsel, latency 64, IRQ 23 > I/O ports at b400 [size=256] > Memory at ff5ff400 (32-bit, non-prefetchable) [size=256] > Expansion ROM at ff5c0000 [disabled] [size=128K] > Capabilities: [dc] Power Management version 2 > Kernel driver in use: r8169
Thanks Tom, I guess then it's quite common with many systems now. I've checked different cards now. A Intel 82574L and a Broadcom BCM5723 have GRO disabled while on a Intel 82575EB it's enabled, all on RHEL6. > > 2) I have been able to modify Shorewall IN-BANDWIDTH handling to avoid the > problem. > > Up to this time, Shorewall has generated a rate/burst policing filter. > This type of filter seems particularly incompatible with GRO. > > The attached Tc.pm allows you to configure a rate estimated policing > filter. To do that, precede the bandwidth with '~'. > > Example: ~40mbit > > There are two optional parameters that can be added - interval and > decay interval. > > Example: ~40mbit:1sec:8sec > > If not specified, the defaults for these two parameters are 250ms and > 4sec. For an excellent explanation of the parameters, see > http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt Thanks, I quickly tested it on one of the existing systems with 4.4.24 but it fails to compile - I guess I need 4.4.25beta for it. How about the upload issue in FAQ97, I guess it doesn't change even with the new code? I think I may still switch off the offloading on all adapters where shaping is used just to be sure. Thanks, Simon ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2d-oct _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users