Koozali.org: home of the SME Server

Network Slowness

Zeromus

Network Slowness
« on: August 17, 2000, 07:40:05 PM »
We have a full T-1 at our office. I had Mandrake 7.1 set up as a firewall between our public and private networks and allowed outbound traffic using ipchains. For some reason, on the public side (other side of firewall) I could get about 1.5 mb, but on the inside only 700 to 800k. To rule out Mandrake, I installed e-smith 3.1 on the same box (P3-450, 256 megs ram, 18 gig SCSI LVD, 2 Intel EEPros). No change there. Tried a diff box. No change there either. Any idea of what this could be??

Paul Nesbit

RE: Network Slowness
« Reply #1 on: August 17, 2000, 09:00:47 PM »
Zeromus wrote:

> We have a full T-1 at our office. I had Mandrake 7.1 set up as
> a firewall between our public and private networks and allowed
> outbound traffic using ipchains. For some reason, on the public
> side (other side of firewall) I could get about 1.5 mb, but on
> the inside only 700 to 800k. To rule out Mandrake, I installed
> e-smith 3.1 on the same box (P3-450, 256 megs ram, 18 gig SCSI
> LVD, 2 Intel EEPros). No change there.

When you say no change, do mean the network behaved exactly as it had when e-smith 4.0 was installed?

> Tried a diff box. No
> change there either. Any idea of what this could be??

Still far slower on the other side of your firewall?  It _sounds_ like the problem is with your firewall.


Paul

Zeromus

RE: Network Slowness
« Reply #2 on: August 17, 2000, 10:48:04 PM »
Lemme see if i can simplify the prob...the e-smith box is acting as the firewall right now until our PIX arrives.

Private IP's                                                                Internet IP's
Internal Network----->e-smith(gateway/firewall)---->DMZ------->Internet
700-800k on                      2 100mb NICS               PC on this                          
this side                                                         side gets 1.5k out


The first stab at a firewall was the Mandrake box... (physical machine no.1)
With this mandrake machine in place. Any PC behind it (masq'ed) would get only 700-800k.
Installed e-smith on physical machine no.1. Still the same prob, any machine behind this firewall would gt only 700-800k speed.
Installed e-smith on another machine (physical machine no.2). No change, any machine behind the e-smith box would only get about 700-800k.

Now, if I take a PC, put it on the public side of the firewall (e-smith machine) the speed is about 1.5k.

Charlie Brady

RE: Network Slowness
« Reply #3 on: August 17, 2000, 11:16:21 PM »
Zeromus wrote:

> The first stab at a firewall was the Mandrake box... (physical
> machine no.1) With this mandrake machine in place. Any PC
> behind it (masq'ed) would get only 700-800k. Installed e-smith
> on physical machine no.1. Still the same prob, any machine
> behind this firewall would gt only 700-800k speed. Installed
> e-smith on another machine (physical machine no.2). No change,
> any machine behind the e-smith box would only get about
> 700-800k.

Your test with Mandrake shows that this is not a problem specific to the e-smith server and gateway. It may be a limitation of some part of your hardware, although I have a suspicion that you are seeing symptoms of resource contention in the linux kernel. The new 2.4 linux kernel (available Real Soon Now) has had some major architectural changes - some of them to allow full TCP throughput on multiple interfaces simultaneously.

Regards

Charlie

Zeromus

RE: Network Slowness
« Reply #4 on: August 18, 2000, 12:05:09 AM »
I think I may have found the problem, I not sure if the kernel for e-smith was complied for the advanced router function enabled. I found that Mandrake was not. I will try this with mandrake and see what happens. I'll post whether this works or not, and any other things I run across.

Colin Mattoon

RE: Network Slowness
« Reply #5 on: August 21, 2000, 07:45:43 PM »
I have done this several times with Linux gateways (but not with e-smith) and it did improve data trasfer speed. But I don't recommend installing a router kernel in your machine -- even if this doesn't break e-smith -- the e-smith gateway server is not just a gateway router -- it is also a host.

Q-mail, samba, apache, etc., are not ordinarily run on machines that have check sums disabled and that is what distinguishes a router kernel from a host kernel.