Bug #3241
Traffic shaping doesn't work well with generic receive offload
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-firewall-base | |||
Target version: | v6.6 | |||
Security class: | Resolution: | |||
Affected version: | v6.6-final | NEEDINFO: | No |
Description
If the ethernet board has GRO enabled (default), traffic shaping doesn't work well: it usually makes the download speed much slower then the imposed limits.
Associated revisions
Use rate-estimated filters for tcinterfaces. Refs #3241
History
#1 Updated by Filippo Carletti almost 6 years ago
Steps to reproduce:¶
- make sure you have a GRO enabled board as wan (substitute eth4 with your wan)
ethtool -k eth4 | grep generic-receive-offload generic-receive-offload: on
- set limits and enable traffic shaping
- ensure that nobody is using the connection and make a speedtest (I used http://speedof.me/)
- download speed should be much lower then set limit
- disable GRO
ethtool -K eth4 gro off
- new speedtest, speed should be closer to link speed
#2 Updated by Filippo Carletti almost 6 years ago
From man shorewall-tcinterfaces:
Rate-estimated filters should be used with Ethernet adapters that have Generic Receive Offload enabled by default.
#3 Updated by Filippo Carletti almost 6 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#4 Updated by Filippo Carletti almost 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Filippo Carletti
- Target version set to v6.6
- % Done changed from 20 to 30
#5 Updated by Filippo Carletti almost 6 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Filippo Carletti) - % Done changed from 30 to 60
#6 Updated by Davide Principi almost 6 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing/6.6
nethserver-firewall-base-2.6.5-1.11.g8128d20.ns6.noarch.rpm
#7 Updated by Davide Marini almost 6 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
the new firewall-base correctly write tcinterfaces file with ~ before the download speed:
[root@JLS-s50 ~]# diff u tcinterfaces.ori /etc/shorewall/tcinterfaces tcinterfaces.ori 2015-09-02 11:25:39.564582658 0200
--
++ /etc/shorewall/tcinterfaces 2015-09-02 11:10:26.762765710 +0200@ -19,6 +19,6
@
#
###############################################################################
#INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH
-eth1 - 14000kbit 980kbit
-eth2 - 6000kbit 500kbit
+eth1 - ~14000kbit 980kbit
+eth2 - ~6000kbit 500kbit
Many tests have been performed and the download speed has incredibly improved with the new syntax, reaching values close to those of the nominal speed
#8 Updated by Davide Principi almost 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates/6.6
nethserver-firewall-base-2.7.1-1.ns6.noarch.rpm