Diagnosing (inter)network problems (lag, dropped packets etc.)

[Amadeus Stevenson]

Hello all,

I'm looking after a ~50 user LAN with one ADSL link (4mb up/468K
down). Most of the users are students and file-sharing is popular. I'm
running netbsd 2/ipf 4.1.3/ALTQ.

I get people coming up to me every day with some complaint about the
internet link:

-it's slow
-it keeps disconnecting

I should mention after the ipf gateway further nat'ing is taking place
by a speedtouch adsl router. It's uptime is quite good.

I figured the first bottleneck was with the small uplink which was
quickly being saturated with file sharing uploads.

I stuck ALTQ with priq on the external link to prioritise interactive
traffic (ssh etc) so lag was minimised.

This seemed to work, until more complaints.

Then I saw gigabytes of data being downloaded (ipfstat -t, "b")
overnight, so I thought maybe priq on the internal interface would
solve that. Guess not!

At the moment what I'd like to ask is the best way of figuring out
what's causing connection problems. ipfstat is very useful, but
sometimes I'm not sure of the best way to use it.

For example (rtk0 is external)

# altqstat -i rtk0
altqstat: priq on interface rtk0

rtk0:

rtk0:
[high_class] handle:0xc07b29c0 pri:2
  measured: 0.96Kbps qlen: 0 period:185152
     packets:200235 (18414406 bytes) drops:155
[med_class] handle:0xc07b5180 pri:1
  measured: 65.39Kbps qlen: 0 period:1718517
     packets:2345543 (266837310 bytes) drops:6
[low_class] handle:0xc07bcf00 pri:0
  measured: 332.61Kbps qlen: 8 period:4822938
     packets:8974740 (3207586134 bytes) drops:169196

The low class is default and is anything not http, ssh, "vital
services" etc. (ie. file sharing)

>From the above the total rate is right up to the 400K I set in
altq.conf. What's using it up?

ipfstat -t shows me a state table with only some of the connections
active, and not as active as the above. How can I found out what
traffic is causing the low_class bandwidth usage?

I would have thought the ALTQ would cope with this but the lag is
definitely noticeable.

The disconnections are not really explainable as the modem uptime is
far greater than the disconnections experienced. Also since the things
disconnecting are prioritised I don't see where that problem could be.

Any help or pointers to docs would be most appreciated. I spend too
much time fiddling with ipf and altq rulesets as it is!

Amadeus