Skip to Content.
Sympa Menu

ndt-users - Re: iptables configurations

Subject: ndt-users list created

List archive

Re: iptables configurations


Chronological Thread 
  • From: Peter Van Epp <>
  • To:
  • Subject: Re: iptables configurations
  • Date: Tue, 1 May 2007 09:23:24 -0700
On Tue, May 01, 2007 at 10:15:12AM -0400,

wrote:
> Hi Folks,
>
> First apologies for the blank message earlier, pressing enter after
> entering the title from the web posting form will submit a blank message...
>
> Anyway, I'm trying to get NTD setup with iptables, and I'm having an issue.
> When I run iptables, everything works, except the test tells me the
> slowest link is 1.0 Gbps. But I'm on 100 Mbps.
>
> Connected to: clustr1-cis343 -- Using IPv4 address
> Checking for Middleboxes . . . . . . . . . . . . . . . . . . Done
> checking for firewalls . . . . . . . . . . . . . . . . . . . Done
> running 10s outbound test (client-to-server [C2S]) . . . . . 93.65Mb/s
> running 10s inbound test (server-to-client [S2C]) . . . . . . 93.20Mb/s
> The slowest link in the end-to-end path is a 1.0 Gbps Gigabit Ethernet
> subnet
>
> When I turn off iptables, I get the correct info:
>
> Connected to: clustr1-cis343 -- Using IPv4 address
> Checking for Middleboxes . . . . . . . . . . . . . . . . . . Done
> checking for firewalls . . . . . . . . . . . . . . . . . . . Done
> running 10s outbound test (client-to-server [C2S]) . . . . . 93.47Mb/s
> running 10s inbound test (server-to-client [S2C]) . . . . . . 93.20Mb/s
> The slowest link in the end-to-end path is a 100 Mbps Full duplex Fast
> Ethernet subnet
>
> I'm clearly missing something in the firewall configuration, here's my
> iptables status:
>
<snip>

You aren't necessarily missing anything in your config. I expect you
are seeing an effect of buffering by iptables. Ndt figures your link speed
by measuring the packet arrival times, if iptables buffers a few packets and
then presents them as fast as it can it will fool ndt into thinking the link
is faster than it is. The same things happens if you have interrupt moderation
enabled on the Intel gig cards (it thinks the link is 10 gigs as it gets a
stream of packets all on the same interrupt :-)).

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada

Archive powered by MHonArc 2.6.16.

Top of Page