Hi all together,
I am facing a problem with the performance of the firewalld together with a team - bridge configuration.
eno1 ---|
. |--- team0 --- bridge0 (with ip4 address) | ... VLAN for Virtual Machines
eno2 ---|
eno1 / 2 (the team interfaces) + team0 are trusted. Packet filtering makes no sense.
It is a Gigabit connection x 2 and should be around 100 MB/s for a connection to one external computer.
I tested the performance with netio and a machine in the network
Result firewall ON : Outgoing ~ 30MB/s, Ingoing 112 MB/s !!!!!!!!!
Result firewall OFF : Outgoing ~ 113 MB/s, Ingoing 112 MB/s , this is better than expected.
With firewall the outgoing network performance is only 30% !!!!!!!!
And this is what the users feel.
And now my question:
Is this something that is "normal" or is there a configuration problem which causes the dramatic performance loss?
What I would try to do is to disable the interfaces which have no IP address from the firewall.
But how to do this?
Any idea is highly welcomed.
bye for now
Thomas
Slow firewall with team + bridge config
Re: Slow firewall with team + bridge config
What happens if you stop firewalld and replace it with a suitable minimal set of ordinary iptables rules?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke