Re: bridge + ip_alias -- SLOW!!!

2004-09-03 Thread Gleb Smirnoff
On Mon, Aug 30, 2004 at 09:23:23PM -0500, Andrea Venturoli wrote:

> Just to give an idea, I tested with iperf and these are the results:
>
> internal net - xxx.xxx.xxx.1   6.93 Mb/s
> internal net - xxx.xxx.xxx.12  6.94 Mb/s
> internet - xxx.xxx.xxx.1       237 Kb/s
> internet - xxx.xxx.xxx.12      60.3 Kb/s
>
> So using the alias IP seems four times slower, but this is probably due to the bandwidth limit on the other side (I could only test from an ADSL): if I surf the web, choosing one of the two IPs as source, I get a much bigger gap.
>
> I tried with an allow all rule as the first in the ipfw chain, and got no improvement, so the firewall should (IMHO) not be the problem.

To check whether the problem lives in bridge(4), you can try ng_bridge(4) instead
of it and see whether this helps.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: bridge + ip_alias -- SLOW!!!

2004-09-01 Thread Andrea Venturoli
** Reply to note from Chris Dionissopoulos[freemail] [EMAIL PROTECTED] Tue, 31 Aug 2004 07:01:11 +0300

> Andrea,
> Try something like this as alternative configuration:

Thank you very much for the answer. Unfortunately I didn't want to mess remotely with this kind of configuration, so I waited until I could get my hands physically on the machine today.
As I was explaining the matter to my customer, she happened to notice that the alias IP is no longer needed (was some kind of subscription); just wish she had told me *before* :)

Alas, the machine fares well now with only xxx.xxx.xxx.1 and I don't like to experiment with a production machine, if it works.

Still I don't know if the problem was FreeBSD or lay elsewhere, but I can't think of anything else, so it could be a good candidate for investigations, if I (or anyone else) ever happen to have a similar configuration to play freely with.


Thanks a lot really.

 bye
av.





bridge + ip_alias -- SLOW!!!

2004-08-30 Thread Andrea Venturoli
Hello,
I've got a problem I cannot understand and hope someone can help me.

I've got a machine which must firewall a whole class C subnet.
The upstream router (100Mb/s fiber connection) is configured as xxx.xxx.xxx.254, so I've chosen xxx.xxx.xxx.1 for my box and bridge with the other xxx.xxx.xxx.* IPs (10Mb/s copper).

(In all my tests I've set up the external NIC to 10Mb/s; I wouldn't do more anyway).

ifconfig gives

fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	ether 00:02:b3:5e:5c:ca
	media: Ethernet 10baseT/UTP
	status: active
vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	inet xxx.xxx.xxx.1 netmask 0xff00 broadcast xxx.xxx.xxx.255
	inet xxx.xxx.xxx.12 netmask 0x broadcast xxx.xxx.xxx.12
	ether 00:40:f4:77:5f:c8
	media: Ethernet 10baseT/UTP
	status: active
fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.106.1 netmask 0xff00 broadcast 192.168.106.255
	ether 00:02:b3:5e:61:d0
	media: Ethernet 100baseTX
	status: active
vr1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
	ether 00:40:f4:77:61:c5
	media: Ethernet autoselect (none)
	status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff00

vr1 is currently not used, fxp1 serves a private network, fxp0 and vr0 are bridged with the following:

cat /etc/sysctl.conf

net.link.ether.bridge=1
net.link.ether.bridge_cfg=vr0,fxp0
net.link.ether.bridge_ipfw=1
net.link.ether.ipfw=1

Notice I gave no IP to fxp0, since, from what I could understand, it is not needed.


uname -a gives:

FreeBSD zz 4.10-RELEASE-p2 FreeBSD 4.10-RELEASE-p2 #7: Tue Aug 24 16:45:56 CEST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/ZZ  i386

and we are using ipfw2:

tail /usr/src/sys/i386/conf/ZZ

options IPFIREWALL
options IPFIREWALL_VERBOSE
options TCP_DROP_SYNFIN
options RANDOM_IP_ID
options IPDIVERT
options IPFW2
options BRIDGE
options DUMMYNET



As you can see vr0 also has an alias address (for reasons which are out of scope here) and with that the problem begins.

I can achieve good speeds on the external side both ways (originating connections and working as a server) if I use xxx.xxx.xxx.1, but xxx.xxx.xxx.12 is MUCH MUCH slower! No difference can be noted on the internal net or the private net on fxp1.

Just to give an idea, I tested with iperf and these are the results:

internal net - xxx.xxx.xxx.1   6.93 Mb/s
internal net - xxx.xxx.xxx.12  6.94 Mb/s
internet - xxx.xxx.xxx.1       237 Kb/s
internet - xxx.xxx.xxx.12      60.3 Kb/s

So using the alias IP seems four times slower, but this is probably due to the bandwidth limit on the other side (I could only test from an ADSL): if I surf the web, choosing one of the two IPs as source, I get a much bigger gap.

I tried with an allow all rule as the first in the ipfw chain, and got no improvement, so the firewall should (IMHO) not be the problem.

I'm really lost, I cannot see any reason for this difference.
Any hint?

 bye  Thanks
av.


