Hi,
I've been struggling with system performance lately, but still haven't
gotten anywhere.
Top doesn't really seem to show anything "wrong" or worth worrying about.
However, there are processes (only Shorewall-related that I know of,
for now) that hinder real-time traffic (eg. VoIP).
Since every single config is different and depends mostly on the
amount of rules one might define, I decided to test another command I
see is causing me network issues:
# time shorewall show capabilities
real 0m37.072s
user 0m0.370s
sys 0m24.210s
During these 30 seconds or so, I'm experiencing latency issues.
Nothing else in TOP seems to give any other clues, and it is easily
reproducible.
smartmontools don't seem to indicate anything wrong with the disks.
iostat typically shows these values:
avg-cpu: %user %nice %system %iowait %steal %idle
1.73 0.11 8.06 0.23 0.00 89.88
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s
avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.00 23.90 0.16 16.83 12.02 582.69
69.98 0.07 3.85 0.52 3.88 0.22 0.38
sdb 0.00 23.90 0.02 16.83 0.27 582.69
69.16 0.06 3.85 0.64 3.85 0.22 0.38
md5 0.00 0.00 0.19 37.04 12.29 574.49
31.52 0.00 0.00 0.00 0.00 0.00 0.00
md4 0.00 0.00 0.00 0.00 0.00 0.00
46.85 0.00 0.00 0.00 0.00 0.00 0.00
md3 0.00 0.00 0.00 0.00 0.00 0.00
46.39 0.00 0.00 0.00 0.00 0.00 0.00
md127 0.00 0.00 0.00 0.00 0.00 0.00
7.57 0.00 0.00 0.00 0.00 0.00 0.00
avg-cpu: %user %nice %system %iowait %steal %idle
2.97 0.25 3.34 0.00 0.00 93.44
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s
avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.00 57.43 0.00 19.80 0.00 289.11
29.20 0.00 0.00 0.00 0.00 0.00 0.00
sdb 0.00 57.43 0.00 19.80 0.00 289.11
29.20 0.00 0.00 0.00 0.00 0.00 0.00
md5 0.00 0.00 0.00 70.30 0.00 273.27
7.77 0.00 0.00 0.00 0.00 0.00 0.00
md4 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00
md3 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00
md127 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00
avg-cpu: %user %nice %system %iowait %steal %idle
2.35 0.00 3.22 0.00 0.00 94.42
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s
avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.00 7.00 0.00 9.00 0.00 59.00
13.11 0.00 0.00 0.00 0.00 0.00 0.00
sdb 0.00 7.00 0.00 9.00 0.00 59.00
13.11 0.00 0.00 0.00 0.00 0.00 0.00
md5 0.00 0.00 0.00 10.00 0.00 44.00
8.80 0.00 0.00 0.00 0.00 0.00 0.00
md4 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00
md3 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00
md127 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00
BTW, during a "show capabilities" run, I get something like this:
avg-cpu: %user %nice %system %iowait %steal %idle
3.96 0.12 14.85 0.12 0.00 80.94
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s
avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.00 32.67 0.00 44.55 0.00 562.38
25.24 1.68 37.78 0.00 37.78 3.78 16.83
sdb 0.00 32.67 0.00 44.55 0.00 562.38
25.24 0.04 0.89 0.00 0.89 0.89 3.96
md5 0.00 0.00 0.00 71.29 0.00 550.50
15.44 0.00 0.00 0.00 0.00 0.00 0.00
md4 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00
md3 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00
md127 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00
Why would "show capabilities" take so long to complete?
I have other Shorewall machines with similar kernels, but they take a
lot less time (about 3 seconds).
Thanks for sharing your thoughts,
Vieri
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
