On IPCop and traffic shaping
Jun. 19th, 2007 01:46 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
torkellToday's discovery: IPCop's traffic shaping is really odd.
About a year ago, I set up traffic shaping at 10240 kbits/sec down, 448 kbits/sec up and forget about it.
Today, I was puzzling over why the slower ADSL2+ connection (3.5Mb/s down, 1.2Mb/s up) actually performed better than the ntl cable (rated for 10Mb/s down, 512kb/s up, in practice about 4Mb/s down) and realised that all testing with ADSL2+ had excluded the IPCop firewall. So I disable the traffic shaping on a whim, and download speeds doubled.
Testing with Virgin Media's FTP server, I just managed to download a 252MB file in about 6 minutes 30 seconds. That's 6.55Mb/s. That's about 2Mb/s more than we generally get from this connection.
Right, anyone know how to set up IPCop traffic shaping such that it doesn't suck?
About a year ago, I set up traffic shaping at 10240 kbits/sec down, 448 kbits/sec up and forget about it.
Today, I was puzzling over why the slower ADSL2+ connection (3.5Mb/s down, 1.2Mb/s up) actually performed better than the ntl cable (rated for 10Mb/s down, 512kb/s up, in practice about 4Mb/s down) and realised that all testing with ADSL2+ had excluded the IPCop firewall. So I disable the traffic shaping on a whim, and download speeds doubled.
Testing with Virgin Media's FTP server, I just managed to download a 252MB file in about 6 minutes 30 seconds. That's 6.55Mb/s. That's about 2Mb/s more than we generally get from this connection.
Right, anyone know how to set up IPCop traffic shaping such that it doesn't suck?
no subject
Date: 2007-06-19 02:08 pm (UTC)A quick speed test with speedtest.net to London showed more than double the downstream bandwidth and a slight increase on upstream. Will saw a significant increase on bittorrent and the like as well.
Not sure about the flat spots - it's not been long enough to tell if this was tha cause of the outages, but given IPCop's recent flakiness in general it could be related. I've never been quite sure just what was failing when the connection dropped.
I'm still not sure how the traffic shaping actually caused this. About the only theories I can come up with are "the web interface is changing the wrong values" or "the traffic shaper is broken". Possibly the traffic shaper doesn't work once the speed rises above a certain point? Unfortuantly the web interface doesn't say on which interfaces the shaper is applied, or in which direction.
...thinking about it, if the shaper is shaping *all* traffic (not just green--red, but green--black as well), then this could explain problems in connecting to ipcop if the shaper is throttling back too much.
This is all conjecture - to actually know what's going on I'd need to know how the shaper actually works, and how well it copes with large amounts of traffic.
no subject
Date: 2007-06-19 02:14 pm (UTC)And the core is overdue for an audit, but I've been busy. Once continuity is finished and running, I think I'll get on that. Check for rogue servers, check for unexplainable activity, then set up a network-wide monitoring system based on Zenoss or Nagios.
Probably. If I have time.
*mutters about 'time'*