[H-GEN] Improving UDP performance on firewall?

David Harrison trogspam at games.telstra.com
Thu Dec 2 19:01:54 EST 2004


Anyone have any suggestions on how to improve UDP performance on a Linux 
firewall (2.4.26 kernel) ? We currently have a number of hosts behind 
the firewall, and as soon as we start getting a certain amount of 
traffic, we're seeing poor performance - pings to the firewall and boxes 
behind the firewall go up and we start dropping packets. The majority of 
the traffic is UDP (games and streaming media).

Most of the network tuning tips I've found have to do with the various 
/proc/sys/net/ipv4 stuff like tcp_wmem and from what I can see they'll 
only improve TCP performance.

ifconfig reports no errors or dropped packets on the internal interfaces 
(with some overruns/errors on the external interface - 129/51 
respectively). /proc/net/softnet_stat isn't reporting any dropped 
packets either, which I'm finding odd, and it lead me to believe it was 
the router at first.

I'm fairly confident its not the router - I can ping the router's 
internal interface and not see any of the performance degradation, but 
the next hop (the firewall) it starts dropping packets, higher ping 
times, etc. I'm assume that when pinging the router's internal 
interface, the packets are going through the same routing process as a 
packet going to the next hop would, so based on that I've tenatively 
ruled out the router.

Any thoughts appreciated,
-- david







More information about the General mailing list