Bug #3241

Traffic shaping doesn't work well with generic receive offload

Added by Filippo Carletti almost 6 years ago. Updated almost 6 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-firewall-base
Target version:v6.6
Security class: Resolution:
Affected version:v6.6-final NEEDINFO:No

Description

If the ethernet board has GRO enabled (default), traffic shaping doesn't work well: it usually makes the download speed much slower then the imposed limits.

Associated revisions

Revision 8128d206
Added by Filippo Carletti almost 6 years ago

Use rate-estimated filters for tcinterfaces. Refs #3241

History

#1 Updated by Filippo Carletti almost 6 years ago

Steps to reproduce:

  1. make sure you have a GRO enabled board as wan (substitute eth4 with your wan)
    ethtool -k eth4 | grep generic-receive-offload
    generic-receive-offload: on
    
  2. set limits and enable traffic shaping
  3. ensure that nobody is using the connection and make a speedtest (I used http://speedof.me/)
  4. download speed should be much lower then set limit
  5. disable GRO
    ethtool -K eth4 gro off
    
  6. new speedtest, speed should be closer to link speed

#2 Updated by Filippo Carletti almost 6 years ago

From man shorewall-tcinterfaces:

Rate-estimated filters should be used with Ethernet adapters that have Generic Receive Offload enabled by default.

#3 Updated by Filippo Carletti almost 6 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#4 Updated by Filippo Carletti almost 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Filippo Carletti
  • Target version set to v6.6
  • % Done changed from 20 to 30

#5 Updated by Filippo Carletti almost 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Filippo Carletti)
  • % Done changed from 30 to 60

#6 Updated by Davide Principi almost 6 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing/6.6
nethserver-firewall-base-2.6.5-1.11.g8128d20.ns6.noarch.rpm

#7 Updated by Davide Marini almost 6 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

the new firewall-base correctly write tcinterfaces file with ~ before the download speed:

[root@JLS-s50 ~]# diff u tcinterfaces.ori /etc/shorewall/tcinterfaces
--
tcinterfaces.ori 2015-09-02 11:25:39.564582658 0200
+
+ /etc/shorewall/tcinterfaces 2015-09-02 11:10:26.762765710 +0200
@ -19,6 +19,6 @ # ###############################################################################
#INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH
-eth1 - 14000kbit 980kbit
-eth2 - 6000kbit 500kbit
+eth1 - ~14000kbit 980kbit
+eth2 - ~6000kbit 500kbit

Many tests have been performed and the download speed has incredibly improved with the new syntax, reaching values close to those of the nominal speed

#8 Updated by Davide Principi almost 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates/6.6
nethserver-firewall-base-2.7.1-1.ns6.noarch.rpm

Also available in: Atom PDF