[H-GEN] Improving UDP performance on firewall?
David Harrison
trogspam at games.telstra.com
Thu Dec 2 19:01:54 EST 2004
Anyone have any suggestions on how to improve UDP performance on a Linux
firewall (2.4.26 kernel) ? We currently have a number of hosts behind
the firewall, and as soon as we start getting a certain amount of
traffic, we're seeing poor performance - pings to the firewall and boxes
behind the firewall go up and we start dropping packets. The majority of
the traffic is UDP (games and streaming media).
Most of the network tuning tips I've found have to do with the various
/proc/sys/net/ipv4 stuff like tcp_wmem and from what I can see they'll
only improve TCP performance.
ifconfig reports no errors or dropped packets on the internal interfaces
(with some overruns/errors on the external interface - 129/51
respectively). /proc/net/softnet_stat isn't reporting any dropped
packets either, which I'm finding odd, and it lead me to believe it was
the router at first.
I'm fairly confident its not the router - I can ping the router's
internal interface and not see any of the performance degradation, but
the next hop (the firewall) it starts dropping packets, higher ping
times, etc. I'm assume that when pinging the router's internal
interface, the packets are going through the same routing process as a
packet going to the next hop would, so based on that I've tenatively
ruled out the router.
Any thoughts appreciated,
-- david
More information about the General
mailing list