[Bridge] Performance problems with bridgeing

Wed, 12 Dec 2001 07:06:26 -0800 

Hi

I want to start with how nice this bridge/netfilter function is! it saves
me alot of time and reorganizing the network.
Here is my network layout

              ________     _________    _______
              |100MBit|   |         |  |100Mbit|
-- 100MBit -- |Switch1|-- |bridge/fw|--|Switch2|--- firewalled network
  internet    |_______|   |_________|  |_______|
 
On Switch1 there some hosts that require that they are not firewalled,
switch2 has the firewalled ones.

The NICs I use is Intel Ethernet Pro 100, switches are from HP (procurve)

Rules etc works fine, no problem with that, did just like the readme said
and voila.

The performance problem is not with the amount of rules (tried without
them) and even so I dont have alot of rules.

I tested to transfer a file between a computer on switch1 and switch2 and
initiatelly the speed is fine (around 10MByte/s) then with about 10secs in
between the transferrate drops to almost zero, just to climb up again.
It seems like som buffer problem or that that somewhere a icmp squenche
gets sent, monitoring with tcpdump while transfering (and this slowdown
happens) I cant get any icmp messages that should interfere with the
transter. 

Top speed is 11MByte/s and when its bad it drops down to ~3MByte/s.

when running vmstat 1 on the bridge/fw the context switches are ~30 000,
when the slowdowns are it drops to 100-300 (depending how much other
traffic thats going on right now)

Bridge/fw hardware is the eepro as I said before, the CPU is a AMD 1500+
and the motherboard is Micostar K7T266Pro (the cpu idles most of the
time...).
Without the bridge I get almost wire speed (~10MByte/s)

Running kernel is 2.4.16 with bridge-nf-0.0.4 patch (not pre1)

Does anyone else have these problems? or is it just me...

This is my few cents.. if anyone have a clue about wht the speed drops so
much with ~10 secs interval, please let me know.

Regards H�kan

If I spelled wrong somewhere.. I hope you all get the picture anyway :)
and Im sorry for the long mail...

-- 
_________________________________
H�kan Stensby
E-mail: hst(at)nsc(dot)liu(dot)se 
_________________________________

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge

Reply via email to