Hi, I'm running some applications on virtual servers with a virtual firewall/router running Shorewall. Shorewall is version 4.6.4.3-2 on Debian.
The virtualization platform is libvirt/KVM + Open vSwitch. I'm noticing latency doubles when things go through the firewall. In particular, I have recently set up a couple of virtual desktops and I'm trying to access them with the SPICE protocol. It is supposed to be more efficient than VNC or RDP but I'm finding there is always latency in the UI. I tried some ping tests (from my home, using a gigabit fibre connection) and observed: ping the physical server = 0.8ms ping the virtual firewall = 1.4ms ping the virtual server = 1.8ms I run Smokeping on various other nodes to monitor latency as well, the reports are consistent with those ping times. I tried increasing RAM and CPU cores for the virtual firewall and upgrading it to a Linux 4.9 kernel. There was no change. Are there other improvements I can make to reduce latency? Is it possible an upgrade to Shorewall 5 will make any difference? 5.0.15.6 is in Debian stretch[1] Can Shorewall be used without connection tracking and could that possibly make a difference? Regards, Daniel 1. https://packages.qa.debian.org/s/shorewall.html ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
