-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello List ! I have set up a firewall (susefirwall 4.3) between the internet and our internal network. One thing I have noticed is that the backups have slowed down by a factor of 10 ! the adsm backup machine is in the external network, connected via a 100Mbit ethernet card and the machines that are backed up are in the DMZ, also connected via a 100Mbit ethernet card. adsm needs port 1500 and uses a tcp buffersize of 16k. One thing I noticed is the both interfaces show many collisions. This is the output of ifconfig : eth0 Link encap:Ethernet HWaddr 00:80:C8:4C:3F:1F inet addr:134.76.90.254 Bcast:134.76.90.255 Mask:255.255.255.0 inet6 addr: fe80::280:c8ff:fe4c:3f1f/10 Scope:Link inet6 addr: fe80::80:c84c:3f1f/10 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2573757 errors:0 dropped:0 overruns:0 frame:0 TX packets:2487098 errors:33900 dropped:0 overruns:3 carrier:33897 collisions:11896 txqueuelen:100 Interrupt:12 Base address:0xe000 eth1 Link encap:Ethernet HWaddr 00:80:AD:03:1C:A3 inet addr:134.76.249.89 Bcast:134.76.249.255 Mask:255.255.255.252 inet6 addr: fe80::80:ad03:1ca3/10 Scope:Link inet6 addr: fe80::280:adff:fe03:1ca3/10 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1925308 errors:8 dropped:0 overruns:8 frame:8 TX packets:2016065 errors:28270 dropped:0 overruns:0 carrier:0 collisions:1373 txqueuelen:100 Interrupt:10 Base address:0xd800 any help would be welcome. thanks, Alex. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.5 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7Hj48X1OUiCutGtcRAnGzAJ9/T9bwFK1ro/mDWEvjR2fhXg8LmwCfbRmY VtYswGQpM40ga2Qli652jUc= =SFz0 -----END PGP SIGNATURE-----
I don't know what adsm backup is but I haven't noticed any respondes, I'll make some general observations.
I have set up a firewall (susefirwall 4.3) between the internet and our internal network. One thing I have noticed is that the backups have slowed down by a factor of 10 !
With a non-trivial ipchains ruleset I still had an ftp throughput of 10MByte/s on 100Mb/s network. Can you check your basic ftp throughput? Have your NICs managed to negotiate the network speed down from Fast to Good ole' Ethernet? Anything new go into a non-switched 100Mb/s Fast Ethernet network that could cause fallback to 10Mb/s?
adsm needs port 1500 and uses a tcp buffersize of 16k. One thing I noticed is the both interfaces show many collisions. This is the output of ifconfig :
By my calculations your collision rate is insignificant (< 0.5%) 11896 * 100 / 2487098, however to get meaningful results you need to make the calculation : (Cf - Ci) * 100 / (Tf - Ti) <= r% Where Cf and Tf are the final collisions and transmissions, Ci and Ti are initials, and r% is the acceptable collision rate. Note initials at beginning of backup run, and finals at end. Your error rate seems somewhat high, but again as a percentage it is rather low. If your tcp window size is not large, then you may be dependant on the round trip times, Novell Netware was very prone to this problem in early versions, whereas a modern TCP/IP implementation will perform fairly well on a 'long' but 'broad' pipe.
the adsm backup machine is in the external network, connected via a 100Mbit ethernet card and the machines that are backed up are in the DMZ, also connected via a 100Mbit ethernet card.
This strikes me as being rather peculier, backup is mish critical, I've often built 'server' backend networks linking machines in the DMZ specially for backups, to do them to an 'external' network, rather than an internal one seems strange. That said, how are you buffering your tape drive? Many drives slow considerably if you cannot match their streaming rate, there is a command 'buffer' in the non-x application series, which allows efficient buffering, and with a high -p %, and a large size -s 16M, you can ensure the drive will be driven at it's streaming rate. Perhaps you need to buffer both ends of the network connection, to decouple the creation of the backup, from the transfer and writing of it. Maybe you can re-engineer your network topology to keep tape drive and machines to backup within the same subnet, so packets are not routed? Regards Rob
participants (2)
-
Alexander Grujic
-
Robert Davies