<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: CIPE <cipe-l,AT,inka,DOT,de>
Subject: Re: Slow file sharing performance
From: James Knott <james.knott,AT,rogers,DOT,com>
Date: Mon, 08 Sep 2003 19:29:35 -0400
In-reply-to: <200309080851.51814.alatham@flexsys-group.com>
References: <3F515FDA.5080406@rogers.com> <200309040929.00895.alatham@flexsys-group.com> <3F5A8FD8.9070207@rogers.com> <200309080851.51814.alatham@flexsys-group.com>

Allan Latham wrote:
Hi James

the problem is that the laptop is sending the icmp for port unreachable on the smb dgram port - or better said I am concerned that this is the last thing we see before all activity stops.

Set up the normal configuration i.e over dial up and cipe.

Confirm with "netstat -antup" that you have the samba listening on all the ports it should - particularly the udp dgram port (138).

udp 0 0 192.168.1.10:137 0.0.0.0:* 1773/nmbd udp 0 0 0.0.0.0:137 0.0.0.0:* 1773/nmbd udp 0 0 192.168.1.10:138 0.0.0.0:* 1773/nmbd udp 0 0 0.0.0.0:138 0.0.0.0:* 1773/nmbd


Confirm that you are not blocking this port with "iptables -L -v -n"

That does not show 138 etc., but then it shouldn't as my firewall is configured to allow only the VPN and SSH in. The VPN terminates inside the firewall, with no firewall rules applied to it.


Is there anything in the samba configuration which restricts connectivity to/from specific hosts/nets?


The direct connection test means that a lot of samba must be working - the main differences (beside speed) are the use of eth0 on the laptop rather than ppp0 and cipcb0.

The results I saw do not indicate a flood in one direction which does not get through - also the packet sizes are small and this isn't an mtu problem.

Best regards

Allan

On Sunday 07 September 2003 03:54, James Knott wrote:

I have just tried running my vpn through a direct connection via switch
to my firewall, so that it runs at full 100 Mb.  I can now access the
file shares with no problem.  This would indicate to me that the VPN is
functioning correctly and the problem is likely due to the great
bandwidth difference, as a result of going through the dial up
connection to a 100 Mb network.  I wonder what can be done about that?

The direct connection test still used the VPN. The path was from my notebook using a 192.168.3.x address connecting to my firewall. The firewall then takes the VPN traffic from the notebook and sends it to the server. This was set up as a test of the VPN at higher speeds than the dialup access will allow. I have also successfully used it over wireless at 11 Mb and again it works well. So, with no changes to the firewall, VPN or Samba configuration, file sharing works well at the higher speeds. My take on this, is that the server is sending out data far faster than the dialup link can handle and it's getting dropped, due to the apparently poor UDP flow control in Samba and NFS. FTP, which is TCP, doesn't show this problem. If it works well with high speed connections and not slow dialup connections, what else is likely to be the problem? In both high speed examples, the VPN passed through the same interface (eth0) as did the dialup via ISP connection.


<< | Thread Index | >> ]    [ << | Date Index | >> ]