Hello My firewall has 2x4 CPU cores. It is used as a Shorewall firewall and for several Vserver guests.
For VOIP purposes would like my ingress to traverse an intermediate functional block. However, when one or more of the cores has a high load, packets over IFB0 get dropped. When I load up four cores with something like: pbzip2 -9 -c test.flac > test2.bz2 and ping through the firewall with something like: ping -i .5 -c 20 <my ISP> I achieve such statistics as: 20 packets transmitted, 15 received, 25% packet loss, time 9548ms rtt min/avg/max/mdev = 18.100/21.600/26.591/2.649 ms For this test netstat says that for IFB0, TX-DRP goes from 135 to 203. shorewall dump (http://bpaste.net/show/121592/). Under the same configuration but without a high CPU load on any core no packets are dropped: 20 packets transmitted, 20 received, 0% packet loss, time 9518ms rtt min/avg/max/mdev = 15.858/21.792/33.518/3.910 ms When traffic control is turned off (http://bpaste.net/show/121593/), or ingress no-longer traverses IFB0, the CPU load can be high for any number of cores and packets are not dropped. What should I do so that when ingress traverses IFB0 and a core is fully loaded packets are not dropped? Regards Fog_Watch. -- "A. Because it breaks the logical order of conversation. Q. Why is top posting bad?" ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
