News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  General Questions
linktree Topic: FTP-traffic overloads Monowall on Soekris 5501?
Pages: [1]
Topic: FTP-traffic overloads Monowall on Soekris 5501?  (Read 2476 times)
« on: May 25, 2010, 16:48:55 »
tobiasbp *
Posts: 13
Hello....

I have Monowall 1.32 running on a Soekris 5501 in a WAN,LAN,WIFI,DMZ setup.

Traffic from the FTP server in the DMZ to machines in the LAN frequently overloads the Monowall (Results in 100% CPU use). Is this as expected? How could I investigate further. Would like to do something more advance than looking at the CPU usage. How would I go about finding out which processes use all the CPU cycles?

Thanks.
« Reply #1 on: May 25, 2010, 20:33:18 »
iridris ***
Posts: 145
What kind of speeds are you running?  I assume since it's DMZ > LAN, it's either 100Mbps or 1Gbps.  The m0n0wall handbook has a chapter on hardware sizing: http://doc.m0n0.ch/handbook/hardware-sizing.html.  It doesn't mention the Soekris 5501, but it does mention the 48xx line being able to get up to around 40Mbps. 

If your NICs support it, you may want to see about turning on device polling.

As for finding the processes that are using the most CPU, you can use the exec.php page and run the 'top' command, which will list the top processes along with a bunch of other stats.
« Reply #2 on: May 27, 2010, 13:44:30 »
tobiasbp *
Posts: 13
Hello...

Thank you for the reply. I have enabled Device Polling. I'll observe for a while.

My nics are 100Mbps. Getting around 45-50Mbps using up all CPU cycles. Maybe I should use the traffic shaper to limit the LAN<->DMZ traffic?

Thanks for the links to the mono documentation. Re-read with interest. It's been a long time since I read it last.


Thanks
« Reply #3 on: May 27, 2010, 22:03:52 »
rpsmith ***
Posts: 113
you need better hardware if you are going to be routing 100 mbit between LAN and DMZ.  A net5501 is just not fast enough.

Roy...
« Reply #4 on: May 31, 2010, 10:10:28 »
tobiasbp *
Posts: 13
Quote from: rpsmith on May 27, 2010, 22:03:52
you need better hardware if you are going to be routing 100 mbit between LAN and DMZ.  A net5501 is just not fast enough.

Roy...

Would I be able to limit the LAN<->DMZ traffic to say 40Mbps to spare my CPU?
« Reply #5 on: June 02, 2010, 15:23:52 »
iridris ***
Posts: 145
Quote from: tobiasbp on May 31, 2010, 10:10:28
Quote from: rpsmith on May 27, 2010, 22:03:52
you need better hardware if you are going to be routing 100 mbit between LAN and DMZ.  A net5501 is just not fast enough.

Roy...

Would I be able to limit the LAN<->DMZ traffic to say 40Mbps to spare my CPU?

You may be able to use the Traffic Shaper to achieve this.  I'm not all that familiar with it though so I don't know the details of how it'd work.
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines