iptables NAT forwarding adding 75-100ms

April 29th, 2012 - 06:42 pm ET by Mike Lovell
I have a strange occurrence of lag on my local networking. I have a
cable modem that plugs into a Debian server, then that Debian server is
plugged into a switch that all other machines in the house connect to.

So something like:

wan0 -> wan
eth0 -> lan

The relevant forwarding/NAT rules are:


#iptables -A FORWARD -i wan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A FORWARD -i eth0 -o wan0 -j ACCEPT

#iptables -t nat -A POSTROUTING -o wan0 -j MASQUERADE


So pretty standard boring NAT.

Lag is occurring (between 75ms and 100ms) on all forwarding rules. Apart
from the lag they function fine (no connectivity issues).


Ping: LAN Machine -> Debian Router = ~0.7ms
Ping: Debian Router -> Google = ~20ms
Ping: LAN Machine -> Google = ~121ms !!!


The Debian server has plenty of free RAM, the load is showing as low,
it's (at this time) entirely dedicated to routing - Why is it
introducing 100ms of lag into forwarded traffic???

Anyone else seen similar to this???


I get great speed from LAN machines, just high latency.

~ Mike

Replies

#1 ein
April 30th, 2012 - 05:06 am ET
On 04/30/2012 12:42 AM, Mike Lovell wrote:
> I have a strange occurrence of lag on my local networking. I have a
> cable modem that plugs into a Debian server, then that Debian server is
> plugged into a switch that all other machines in the house connect to.
>
> So something like:
>
> wan0 -> wan
> eth0 -> lan
>
> The relevant forwarding/NAT rules are:
>
> #iptables -A FORWARD -i wan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> #iptables -A FORWARD -i eth0 -o wan0 -j ACCEPT
>
> #iptables -t nat -A POSTROUTING -o wan0 -j MASQUERADE
>
> So pretty standard boring NAT.

How many FORWARD rules do you have?
Are the above rules at the beginning of the FORWARD chain? If not, please move
them as close to the beginning as you can. Does the lag time change?

> Lag is occurring (between 75ms and 100ms) on all forwarding rules. Apart
> from the lag they function fine (no connectivity issues).

How do you check that?

> Ping: LAN Machine -> Debian Router = ~0.7ms
> Ping: Debian Router -> Google = ~20ms
> Ping: LAN Machine -> Google = ~121ms !!!

Wrong! Please 'ping' the nearest machine after your router, for example your
ISP's gateway or ISP's DNS servers. Please keep in mind that your ISP's
router has more important things to do than respond to ICMP echo
request messages.

> The Debian server has plenty of free RAM, the load is showing as low,
> it's (at this time) entirely dedicated to routing - Why is it
> introducing 100ms of lag into forwarded traffic???

What version of Debian is it?
How much forward traffic do you have?

> I get great speed from LAN machines, just high latency.

Do you have some QoS on this machine?
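
Added example, not part of reply #1 or of the original thread: the rule-order check that reply #1 asks for, written as a shell function that reads `iptables -S FORWARD` output and reports where the RELATED,ESTABLISHED accept rule sits in the chain. The function name and the sample ruleset are constructed for illustration; they are not taken from the poster's router.

```shell
#!/bin/sh
# Constructed sample of `iptables -S FORWARD` output (assumption, not the
# poster's real ruleset): the two FORWARD rules from the post sit behind
# three hypothetical per-host/per-port rules.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -s 192.168.1.50/32 -j DROP
-A FORWARD -p tcp -m tcp --dport 25 -j DROP
-A FORWARD -i eth0 -o wan0 -m mac --mac-source 00:11:22:33:44:55 -j DROP
-A FORWARD -i wan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o wan0 -j ACCEPT'

# established_rule_position (hypothetical helper name)
# stdin : output of `iptables -S FORWARD`
# stdout: "<position> <total>"
#   position = 1-based index of the first rule that ACCEPTs packets in
#              state ESTABLISHED (matches both `-m state --state` and
#              `-m conntrack --ctstate`), or 0 if there is no such rule
#   total    = number of -A FORWARD rules in the chain
established_rule_position() {
    awk '
        /^-A FORWARD / {
            total++
            if (!pos && /--(ct)?state [A-Z,]*ESTABLISHED/ && / -j ACCEPT$/) {
                pos = total
            }
        }
        END { printf "%d %d\n", pos + 0, total + 0 }
    '
}

# Run against the constructed sample. On a live router (as root) the
# equivalent is: iptables -S FORWARD | established_rule_position
printf '%s\n' "$SAMPLE_RULES" | established_rule_position
```

A position greater than 1 means every packet of an already-established flow is compared against the earlier rules first, which is the ordering reply #1 asks the poster to rule out.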
