
List:       openbsd-pf
Subject:    route-to performance problem
From:       Chris Smith <bsd782 () chrissmith ! org>
Date:       2007-10-04 17:12:04
Message-ID: 200710041312.04945.bsd782 () chrissmith ! org

Hello,

I'm using route-to to allow specific systems to use different external 
interfaces and seeing a performance issue.

The performance issue is that normal web access is horrifically slow, yet when 
doing a download test the results show the proper bandwidth.

I'm not using route-to to create a round-robin scenario which is what most of 
the examples I found involve, which makes me not totally convinced I have 
everything set up properly.

Basic scenario is 2 internal interfaces (2 separate subnets) and three 
external (gateway) interfaces (a T1 line - the default gateway, a 4Mb/s cable 
line, and an 8Mb/s cable line). My current testing is just using one system 
to route-to one of the non-default gateways.

Simplified ruleset:
==================================================================
nat on $ext_if inet tag WOW_8_NAT tagged WOW_8 -> $wow_8_ad1
nat on $ext_if inet from $s3_if:network to any -> $ext_ad

pass in on $s3_if inet from $s3_if:network to !$alt_if flags S/SA keep state
pass in on $s3_if inet from $orion7 to !$alt_if flags S/SA keep state tag WOW_8

pass out on $s3_if from any to $s3_if:network flags S/SA keep state

pass out on $ext_if all keep state flags S/SA
pass out on $ext_if route-to ( $wow_8_if $wow_8_gw ) all keep state flags S/SA tagged WOW_8_NAT
==================================================================

Basically I'm tagging the system(s) that will use the alternate wow_8_if with 
the WOW_8 tag.
Because they are tagged as such they get natted to the address of the 
wow_8_if, which is wow_8_ad1 (there are aliases but I'm not using them 
currently) and retagged WOW_8_NAT (although I'm not sure the nat statement is 
wholly correct).
The packets that match the WOW_8_NAT tag are then routed through the wow_8_if 
to wow_8_gw and do not take the default route via the ext_if (T1 line).

Seems to work correctly except for the performance issue noted - speed tests 
(voip performance tests) work fine but normal browsing is horrifically slow - 
pages that load via the default route in the blink of an eye take 30+ seconds 
to load when using route-to as I have (most likely improperly) done.

Any assistance is greatly appreciated.

Thank you.

-- 
Chris