[LARTC] Strange Behavior of my Shaper

Linux Advanced Routing and Traffic Control


 



Hi all,

I have some problems with my firewall/shaping server and I think the problem
lies on the shaping side. After reading everything I could get my hands on, I
have to say: I have no more ideas what this is. But first, let me
explain my problem. I have the following setup:

1 Firewall/Shaper server which is connected to the internet with a 100Mbit
interface and has a 100Mbit interface to the local net. The firewall has 10
public IP addresses. Behind the firewall are 6 servers which are routed
through the firewall (via snat/dnating). Some of these servers have to be
shaped. Well, this works quite well. But I have one server which shouldn't
be shaped. So I configured no filter for this IP address (I believe that the
traffic of this server then goes through the root qdisc). But if I now try
to connect to a web page hosted on this server I get a strange behavior. It
looks like it loads some packets, then waits a few seconds, then loads some
packets, then waits a few seconds and so on. The result is that a web page
which loaded before in 3 to 4 secs now needs up to 20. The firewall is under
middle stress (I think it is middle :). It gets up to 30 Mbit/s. Both NICs
are 100Mbit (one Intel, one 3COM). The hardware data of the server: 2x1GHz,
1GB RAM, RAID1 IDE 40GB so I believe that there is no bottleneck.
These are my traffic rules:

$TC qdisc add dev $EXTIF root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8        #Root QDisc :)

#Server 1
$TC class add dev $EXTIF parent 1:0 classid 1:2 cbq bandwidth 100Mbit rate 5Mbit weight 0.7Mbit allot 1514 cell 8 maxburst 50 avpkt
$TC class add dev $EXTIF parent 1:2 classid 1:20 cbq bandwidth 100Mbit rate 2Mbit weight 0.1Mbit allot 1514 cell 8 maxburst 20 avp
$TC qdisc add dev $EXTIF parent 1:20 handle 20: sfq perturb 10 quantum 1500
$TC class add dev $EXTIF parent 1:2 classid 1:21 cbq bandwidth 100Mbit rate 4Mbit weight 0.4Mbit allot 1514 cell 8 maxburst 20 avpk
$TC qdisc add dev $EXTIF parent 1:21 handle 21: sfq perturb 10 quantum 1500
$TC class add dev $EXTIF parent 1:2 classid 1:22 cbq bandwidth 100Mbit rate 256kbit weight 56kbit allot 1514 cell 8 maxburst 20 avp
$TC qdisc add dev $EXTIF parent 1:22 handle 22: sfq perturb 10 quantum 1500

#Server 2
$TC class add dev $EXTIF parent 1:0 classid 1:3 cbq bandwidth 100Mbit rate 8Mbit weight 1Mbit allot 1514 cell 8 maxburst 100 avpkt
$TC class add dev $EXTIF parent 1:3 classid 1:30 cbq bandwidth 100Mbit rate 7Mbit weight 768kbit allot 1514 cell 8 maxburst 60 avpk
$TC qdisc add dev $EXTIF parent 1:30 handle 30: sfq perturb 10 quantum 1500
$TC class add dev $EXTIF parent 1:3 classid 1:31 cbq bandwidth 100Mbit rate 256kbit weight 56kbit allot 1514 cell 8 maxburst 40 avp
$TC qdisc add dev $EXTIF parent 1:31 handle 31: sfq perturb 10 quantum 1500

#Server 1
$TC filter add dev $EXTIF parent 1:0 protocol ip u32 match ip src xx.xx.xx.44/32 flowid 1:2
$TC filter add dev $EXTIF parent 1:0 protocol ip u32 match ip src xx.xx.xx.45/32 flowid 1:2
$TC filter add dev $EXTIF parent 1:2 protocol ip u32 match ip sport 20 0xffff flowid 1:21
$TC filter add dev $EXTIF parent 1:2 protocol ip u32 match ip sport 21 0xffff flowid 1:21
$TC filter add dev $EXTIF parent 1:2 protocol ip u32 match ip sport 22 0xffff flowid 1:22
$TC filter add dev $EXTIF parent 1:2 protocol ip u32 match ip sport 80 0xffff flowid 1:20

#Server 2
$TC filter add dev $EXTIF parent 1:0 protocol ip u32 match ip src xx.xx.xx.72/32 flowid 1:3
$TC filter add dev $EXTIF parent 1:0 protocol ip u32 match ip src xx.xx.xx.74/32 flowid 1:3

$TC filter add dev $EXTIF parent 1:3 protocol ip u32 match ip sport 22 0xffff flowid 1:31
$TC filter add dev $EXTIF parent 1:3 protocol ip u32 match ip sport 80 0xffff flowid 1:30

That's all the traffic rules.

Hope you can give me a hint why this server behaves so strangely! Thanks to
all who might think about this!

Greets,
Stefan Siefert


