It's not. # ethtool -k eth1 Offload parameters for eth1: rx-checksumming: on tx-checksumming: on scatter-gather: on tcp-segmentation-offload: off udp-fragmentation-offload: off generic-segmentation-offload: off generic-receive-offload: off large-receive-offload: off ntuple-filters: off receive-hashing: off
-Olivier ----- Mail original ----- De: "Tom Eastep" <[email protected]> À: "Shorewall Users" <[email protected]> Envoyé: Mercredi 4 Décembre 2013 00:56:39 Objet: Re: [Shorewall-users] Multiple ISP + traffic shapping = poor download speed On 12/3/2013 2:03 PM, [email protected] wrote: > Hello, > > Thanks for the great Shorewall which has replaced my hard to maintain > home-made scripts. > > First, what works. > > Our local network is 10.48.X.X with multiple vlan, each on a dedicated > interface. We use Shorewall 4.4.11 from Debian Squeeze. > > We have a 2 ISP: > - isp1 : an optical fiber provider with 10 Mbps. > - isp2 : a DSL provider with 15Mbits/1Mbits. > > We use isp2 as the default outgoing provider. The isp1 provider is used for > "critical" services (SSH...) and for incoming connections (VPN...). > > Our interfaces file : > ======================== > isp1 eth0 detect > logmartians,nosmurfs,routefilter=0,tcpflags > isp2 eth1 detect > logmartians,nosmurfs,routefilter,tcpflags > ======================== > > Here is our providers file: > ======================== > #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY > OPTIONS COPY > isp1 1 0x100 - eth1 37.X.X.X track,loose > - > isp2 2 0x200 - eth2 217.X.X.X > track,balance - > ======================== > > Here is an extract of our tcrules file: > ======================== > ###################################################################################################################### > #MARK SOURCE DEST PROTO DEST SOURCE USER TEST > LENGTH TOS CONNBYTES HELPER > # PORT(S) PORT(S) > > # ISP1 DNS => ISP1 > 256 0.0.0.0/0 37.X.X.X > 256 $FW 37.X.X.X > > # ISP2 DNS => ISP2 > 512 0.0.0.0/0 127.X.X.X > 512 $FW 127.X.X.X > > # Google DNS => ISP1 > 256 0.0.0.0/0 8.8.8.8,8.8.4.4 > 256 $FW 8.8.8.8,8.8.4.4 > > # VPN IPsec (out) => ISP1 > 256 0.0.0.0/0 0.0.0.0/0 udp 500,4500 > 256 $FW 0.0.0.0/0 udp 500,4500 > > # Force one host to ISP1 > 256 10.48.1.10 0.0.0.0/0 > > # Force all SSH to ISP1 > 256 0.0.0.0/0 0.0.0.0/0 tcp 22 > 256 $FW 0.0.0.0/0 tcp 22 > ======================== > > Yesterday we added VoIP. To do so, we force traffic from our Asterisk server > to go throw ISP1 with a dedicated public IP and force the traffic from this > dedicated public IP to go to Asterisk server (with IP filtering for > security). This works too. > > Now, my problem is to put QoS (using TC_ENABLED=Internal). I try many > configuration but always have the same problem: once the isp1 interface is > listed in tcdevices, we have poor download speed. Even with/without other TC > configuration. > > Here is our tcdevices file: > ======================== > #NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED > #INTERFACE INTERFACES > 1:isp1 10240kbit 10240kbit > ======================== > > We use an external server to test download speed with IP 5.X.X.X so we added > in tcrules: > ======================== > 256 0.0.0.0/0 5.X.X.X > $FW 0.0.0.0/0 5.X.X.X > ======================== > > The results are: > - without isp1 in tcdevices => more than 1MB/s (bytes measured with wget > command) > - with isp1 in tcdevices => less than 300 kB/s > > If I change bandwidth of isp1 to something more than 70000kbit, all goes > right... Other lower value have the same problem but with different download > speed (seems proportional to the interface speed). > > Here is a result of the following command: tc -s -d class show dev isp1 > ======================== class htb 1:1 root rate 10240Kbit ceil 10240Kbit > burst 1598b/8 mpu 0b overhead 0b cburst 1598b/8 mpu 0b overhead 0b level 7 > Sent 1111091 bytes 11680 pkt (dropped 0, overlimits 0 requeues 0) > rate 83656bit 124pps backlog 0b 0p requeues 0 > lended: 0 borrowed: 0 giants: 0 > tokens: 17781 ctokens: 17781 > ======================== > > Rates seems to be OK. > > Have someone the same problem? > Sounds like Shorewall FAQ 97a. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
