djericj n00b
Joined: 31 Jan 2010 Posts: 2
Posted: Sun Jan 31, 2010 1:39 am Post subject: Iptables & network performance on SunFire v100

I seem to be having a problem with network performance on a SunFire v100. I have the system set up to forward packets from eth0 to eth1 (outgoing) and vice versa for incoming. I am using kernel version 2.6.31 r7. I am using iptables. The system specs are 500mhz UltraSparc IIe, 512 RAM, 40gb IDE disk and 2 Davicom 10/100 Ethernet.
I seemed to be capped at 10mbs when passing traffic from my network through the firewall. Internet speed tests show me getting 10mbs down when going through the firewall but 20mbs on systems that are directly connected to the Internet. I can get higher speeds when going out to the Internet on the firewall itself, for example, when downloading packages during an emerge. At first I thought it was a problem with my iptables rules, but I can turn off almost all the rules except for the basic nat rules and there appears to be no improvement in performance. This made me wonder if it wasn't a problem with the NIC drivers or some other system configuration problem.
Does anyone have any idea what could be the problem? Is this system too slow to handle firewall duties?
Shining Arcanine Veteran
Joined: 24 Sep 2009 Posts: 1110
Posted: Sun Jan 31, 2010 3:18 am

If your transfer speeds are being capped at 10Mbps, it sounds like your network card is running in 10base-T mode, which is the speed Ethernet originally had back in the 1980s. Are you sure that you have the proper drivers for your network card? Your system might be using the drivers for a 10Mbps network card for your network card.
I wish I could be more helpful, but I am new to this sort of stuff myself. I hope this helps.
dogshu Apprentice
Joined: 22 Jun 2003 Posts: 173 Location: New Haven, CT, USA
Posted: Sun Jan 31, 2010 4:48 am Post subject: Re: Iptables & network performance on SunFire v100

Run "ethtool eth0" and "ethtool eth1" and make sure both are set to 100 megabit. Emerge ethtool if it's not already installed.
djericj n00b
Joined: 31 Jan 2010 Posts: 2
Posted: Sun Jan 31, 2010 5:40 pm

Thank you for the suggestions. After some research it appears that I was indeed running both NICs in 10 base T mode. This was confirmed by ethtool. I also determined that I appear to be running the correct driver. Based upon my research, the Davicom chips in the SunFire v100 can actually use two different drivers, dmfe and tulip. I found that several people on various forums recommended the tulip driver over the dmfe driver. I also seemed to have more success using the tulip driver, as the dmfe driver was flaky and seemed to have problems loading at boot time. This was true if I compiled the driver as a module or directly into the kernel.
So after a bit more research I ended up autoloading the tulip driver with options 5,5 which forces the driver into 100baseT. Once this change had been made I experienced a 50% increase in performance to about 15 mps.
While this is certainly better than what I was getting, it is still not operating at max or near max speed. I would expect some overhead from using an SPI firewall but is a 5 mps reduction reasonable? My Internet connection max speed from my ISP is 20 mps so I am not entirely clear as to why I'm still getting an approximately 25% decrease in throughput. Could this just be a symptom of the overhead incurred by iptables or the system itself?
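
The ethtool check discussed in this thread, as an added example that is not part of any poster's message: a small shell function that reads `ethtool IFACE` output and flags a forwarding interface that negotiated below the expected speed or at half duplex. The function names `check_link` and `sample_ethtool` are hypothetical, and the sample output is constructed rather than captured from the poster's system.

```shell
#!/bin/sh
# Added example: judge the negotiated link from `ethtool IFACE` output.
# Usage on a live system: ethtool eth0 | check_link eth0 100
# Prints one verdict line; returns 0 when the link is up, at least
# MIN_MBPS and full duplex, 1 otherwise.
check_link() {
    awk -v iface="$1" -v min="$2" '
        /^[ \t]*Speed:/         { speed = $2; sub(/Mb\/s$/, "", speed) }
        /^[ \t]*Duplex:/        { duplex = $2 }
        /^[ \t]*Link detected:/ { link = $3 }
        END {
            if (link != "yes") { print iface ": no link"; exit 1 }
            if (speed !~ /^[0-9]+$/) { print iface ": speed unknown"; exit 1 }
            if (speed + 0 < min + 0) {
                printf "%s: %sMb/s is below %sMb/s\n", iface, speed, min; exit 1
            }
            if (duplex != "Full") {
                printf "%s: %sMb/s but %s duplex\n", iface, speed, duplex; exit 1
            }
            printf "%s: ok (%sMb/s, %s duplex)\n", iface, speed, duplex
        }'
}

# Constructed sample of ethtool output (not captured from a real system).
sample_ethtool() {   # $1 = speed in Mb/s, $2 = Half|Full
    cat <<EOF
Settings for eth0:
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Speed: ${1}Mb/s
        Duplex: ${2}
        Auto-negotiation: on
        Link detected: yes
EOF
}

# Demo on the constructed samples: a 10/Half link fails, a 100/Full link passes.
sample_ethtool 10 Half  | check_link eth0 100 || true
sample_ethtool 100 Full | check_link eth1 100 || true
```

On a router, run it for both the inside and the outside interface, since forwarded traffic is limited by the slower of the two links.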