Daniel Pocock <[email protected]> wrote: > I'm noticing latency doubles when things go through the firewall. In > particular, I have recently set up a couple of virtual desktops and I'm > trying to access them with the SPICE protocol. It is supposed to be > more efficient than VNC or RDP but I'm finding there is always latency > in the UI. > > I tried some ping tests (from my home, using a gigabit fibre connection) > and observed: > > ping the physical server = 0.8ms > ping the virtual firewall = 1.4ms > ping the virtual server = 1.8ms
What happens if you clear the firewall (shorewall clear) ? Bear in mind that when you introduce the firewall, you are (I assume) sending the packets through an extra switch, virtual NIC, virtual machine, virtual NIC. So even without any firewall processing you will add latency. Looking at the times you give above, adding the virtual switch and NIC to get to the firewall VM adds .6ms, the extra virtual NIC, virtual switch, virtual NIC to get to the server adds an additional 0.4ms. Not much in it. For something really latency sensitive, you might be better just running a firewall on the server. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
