Re: Network slow with "new" kernel (debianuser: to exclusive)
Hello Camaleón,
> > we have a strange problem here at our company:
> >
> > We have a few linux machines behind a firewall.
>
> What kind of firewall? Iptables rules or some kind of commercial
> appliance?
It's a commercial appliance: Sonicwall NSA3500.
> Computers with older kernels are running the same OS version than
> machines with newer kernels? I mean, is the kernel version the only
> difference between the machines that behave okay or are another
> factors that come to play?
It's a bit the other way round. These are a few machines that I tested:
PT-AGCMLX1 2.6.26-2-686 #1 SMP Wed Nov 4 20:45:37 UTC 2009
PT-CMDEVLX1 2.6.26-2-686 #1 SMP Wed Nov 4 20:45:37 UTC 2009
CMDevLin2 2.6.26-2-686 #1 SMP Wed Nov 4 20:45:37 UTC 2009
CMDevLin3 2.6.32-5-686 #1 SMP Mon Jun 13 04:13:06 UTC 2011
pc-cm-gru-virtlinux1 2.6.32-5-686 #1 SMP Wed May 18 07:08:50 UTC 2011
They all run debian. The older ones (the first group with 2.6.26
kernels) run debian 5.0, the newer ones run debian 6.0. A colleage of
mine who didn't arrive yet has an always up to date archlinux with a
kernel newer than 2.6.32.
Among them are two selfassembled servers, an elder dell quad core
server, two dell desktops and two virtual machines (one of them a
virtualbox, the other xen). So it's a very heterogeneous group.
But: all of them who have a 2.6.32 or newer kernel have the
slow-internet-problem. All of them who have a 2.6.26 kernel don't have
the problem.
The rest of our ~200+ PCs is running windows. They don't have the
problem. You can imagine, with how much pressure this issue is
handled ;)
So for me this boils down to the kernel version in combination with our
firewall (or whatever is special here in our company).
> > Have you any idea what's wrong?
I beg your pardon for my grammar. It's hard to miss that I'm not a
native english speaker (blush)
> I would try first to remove (not in the sense of "eliminating" but
> "bypass") the firewall to discard the problem is generating from
> there.
Yes, this would be sane. But the company won't switch it off and I
don't think we have a way to bypass it :s
Thanks for your help,
P.S.: Don't miss my next answer to myself ;)
--
Markus Grunwald
Reply to: