NOVELL FORUMS

 
 
13-Jul-2008, 05:55 AM
David Arre
NNTP User
 
SLES poor bandwidth through NAT firewall

Hi, I hope someone might be able to help figure out a problem I have run
into here. We are in the middle of a migration from NetWare to
OES2-Linux and SLES servers. In the process we have installed pfSense as
our new firewall. It seems to work quite well. Also, I was testing squid
on SLES 10 SP2 as a web proxy. Here is the problem:

In testing squid I noted that the internet speed on downloads was slow.
Testing bandwidth through bandwidth.com yielded a download result of
6-10 Mbs. We have a 100 MB connection. Pointing my web client to the old
BorderManager, or directly through pfSense, resulted in download of 46 MBs.

I then went to the squid server itself. Without squid running, and
directly on the server, I tried the test through pfSense. 6-10 MBs, with
some hesitations in the download. I pointed the browser to the
BorderManager. 46MBs, smooth download (I checked, the download test file
was not cached). Running QCheck on the SLES server showed an internal
transfer speed of 1GB, wire speed. I tried a large file between another
internal server... fast transfer.

I tried another SLES 10 server (SP1) going through pfSense... same
6-10MBs result... but an OES2 server running as a domU in XEN can
connect through pfSense at the full 46MBs!!

HOWEVER... I tried other platforms through pfSense. Mac OSX and Windows
XP & 2003, and these workstations got the 46MBs smooth transfer!!

Ethereal captures on the squid box and on pfSense show a large number of
duplicate acks and retransmissions from the SLES downloads.

So the common denominator in the poor bandwidth seems to be a connection
that goes through the NAT of pfSense and a SLES server. I tried other
obvious things... including disabling IPv6 on SLES, but no joy.

Has anyone ever seen this phenomenon? Any esoteric tweaks I can try on
SLES? I originally suspected pfSense as the culprit, but since other
platforms can get the full bandwidth from it, the finger points to SLES.

Here is the hardware breakdown:

Squid - HP Proliant DL160G5 12GB RAM, Dualcore Xeon @ 3.4GHz saw the
slowdown both on internal HP/Broadcom NICs and an Intel PCIe adapter.

Zen (also tested slow) - HP DL360G5, 6GB RAM Internal NIC

OES2 XEN Guest: Runs on a host HP DL380G5 with paravirtualization,
bridged to one NIC. Host is SLES 10 SP2.

pfSense: Base OS is FreeBSD, HP DL140G3, 4GB RAM, Internal Broadcom NICs
plus one Intel PCIe NIC.

Any suggestions are much appreciated!! Thanks.