[email protected] (Patrick), 2014.10.02 (Thu) 16:32 (CEST): > Hi, > > I use a OpenBSD based firewall (version 5.2, I know I should upgrade > but ...) between a 8 host cluster of Linux server and 300 clients > which will access this clutser via VNC. Each server is connected with > one gigabit port to a dedicated switch and the firewall has on each > site one gigabit (dedicated switch and campus network). > > The users complains about slow VNC response times (if I connect a > client system to the dedicated switch, the access is faster, even > during peak hours), and the admins of the cluster blame my firewall > :(. > > I use MRTG for traffic monitoring (data retrieves from OpenBSD in one > minute interval) and can see average traffic of 160 Mbit/s during > office hours and peaks and 280 Mbit/s. With bwm-ng and a five second > interval I can see peaks and 580 Mbit/s. The peak packets per second > is arround 80000 packets (also measured with bwm-ng). The interrupt of > CPU0 is in peak 25%. So with this data I don't think the firewall is > at the limit, I'm right? > > The server is a standard Intel Xeon (E3-1220V2, 4 Cores, 3.10 GHz) > with 4 GByte of memory and 4 1 Gbit/s ethernet cooper Intel nics > (driver em). > > Where is the problem? Can't the nics handle more packets/second? How > can I check for this? > > If I connect a client system directly to the dedicated system, the > response times are better. > > Thanks for your help, Patrick
I cannot help you on the topic but on improving your response rate: provide a dmesg. At least. The precogs are on vacation ;-) Bye, Marcus
