All the mail mirrored from lore.kernel.org
* Wrong count on bytes
From: Javier Martin @ 2002-10-18 21:40 UTC
  To: netfilter-devel

Hi!

I'm getting confusing numbers from the iptables counters. The numbers
apparently show that the output bandwidth is >140 Mbit/sec on a 100
Mbit/sec.

I'm running:

- RH 7.3
- Kernel 2.4.18 (RH release is 2.4.18-10)
- iptables 1.2.5 (RH release 1.2.5-3).

This server is running an Intel EEPRO100 NIC with Intel's own driver
(e100.o). The driver provides byte accounting at
/proc/net/PRO_LAN_Adapters/eth0.info, and this number differs BY FAR
from iptables. If I run the following script:

  cat /proc/net/PRO_LAN_Adapters/eth0.info |grep Tx_Bytes
  iptables -L -n -v -x |grep OUTPUT
  sleep 10
  cat /proc/net/PRO_LAN_Adapters/eth0.info |grep Tx_Bytes
  iptables -L -n -v -x |grep OUTPUT

This is the result:

  Tx_Bytes                  2501299733
  Chain OUTPUT (policy ACCEPT 410429507 packets, 581914465274 bytes)
  Tx_Bytes                  2626036933
  Chain OUTPUT (policy ACCEPT 410555345 packets, 582099636248 bytes)

Subtract the numbers, then divide by 10 seconds and you will have the
speed rate:

  Intel's driver counter:   95,17 Mbit/sec
  iptables:                141,27 Mbit/sec!?!?

The driver's counter is correct as the server is truly under heavy
traffic load and the rate is peaking at the ethernet limit. But the
iptables number is way not coherent.

I'm using the following rules:

  iptables -I INPUT -i eth0 --destination x.x.x.x
  iptables -I OUTPUT -o eth0 --source x.x.x.x

And x.x.x.x is an address added to the eth0 device via the iproute's ip
command:

  ip address add x.x.x.x dev eth0

I also have some queue discipline filters for bandwidth shaping, which I
don't really believe have anything to do with it.

Please help!

Javier


* Re: Wrong count on bytes
From: Patrick Schaaf @ 2002-10-19  6:39 UTC
  To: Javier Martin; +Cc: netfilter-devel

>   Chain OUTPUT (policy ACCEPT 410429507 packets, 581914465274 bytes)
>   Chain OUTPUT (policy ACCEPT 410555345 packets, 582099636248 bytes)
> 
> I'm using the following rules:
> 
>   iptables -I INPUT -i eth0 --destination x.x.x.x
>   iptables -I OUTPUT -o eth0 --source x.x.x.x

Maybe you are using these rules, but you certainly are not showing their
counters in the two lines above. You are showing the chain defaults of
the OUTPUT chain, counting anything _not_ covered by terminating earlier
rules.

I'd guess that your chain defaults cover localhost communication and
other stuff besides that which you think you want to measure.

best regards
  Patrick
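
Added example (not part of the thread or of iptables itself): a parser that keeps the chain-policy counter apart from the per-rule counters in two `iptables -L OUTPUT -n -v -x` snapshots and turns each byte delta into a rate. The policy lines are the ones posted above; the rule rows are constructed sample values, and 1 Mbit = 2**20 bits is an assumption inferred from the 95,17 and 141,27 figures.

```python
import re

# Constructed snapshots in `iptables -L OUTPUT -n -v -x` layout, taken 10 s apart.
# Policy lines are the ones posted in the thread; the rule rows are made-up values.
SNAP_T0 = """\
Chain OUTPUT (policy ACCEPT 410429507 packets, 581914465274 bytes)
    pkts      bytes target     prot opt in     out     source               destination
 9000000 9000000000            all  --  *      eth0    x.x.x.x              0.0.0.0/0
"""
SNAP_T1 = """\
Chain OUTPUT (policy ACCEPT 410555345 packets, 582099636248 bytes)
    pkts      bytes target     prot opt in     out     source               destination
 9080000 9120000000            all  --  *      eth0    x.x.x.x              0.0.0.0/0
"""

POLICY_RE = re.compile(r"^Chain (\S+) \(policy \S+ (\d+) packets, (\d+) bytes\)")
RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(.*\S)\s*$")

def parse(snapshot):
    """Return {'policy': bytes, 'rules': {rule_spec: bytes}} for one chain listing."""
    out = {"policy": None, "rules": {}}
    for line in snapshot.splitlines():
        m = POLICY_RE.match(line)
        if m:  # chain default: only packets that fell off the end of the chain
            out["policy"] = int(m.group(3))
            continue
        m = RULE_RE.match(line)
        if m:  # the column header has no leading digits, so it never matches
            spec = " ".join(m.group(3).split())
            out["rules"][spec] = int(m.group(2))
    return out

def mbit_per_sec(bytes0, bytes1, seconds):
    """Byte delta to Mbit/s, with 1 Mbit = 2**20 bits (assumption, see lead-in)."""
    return (bytes1 - bytes0) * 8 / seconds / 2**20

def rates(snap0, snap1, seconds):
    """Rate per counter, keyed 'policy' or by rule spec, so the two are never mixed."""
    a, b = parse(snap0), parse(snap1)
    result = {"policy": round(mbit_per_sec(a["policy"], b["policy"], seconds), 2)}
    for spec, b0 in a["rules"].items():
        if spec in b["rules"]:  # skip rules added or removed between snapshots
            result[spec] = round(mbit_per_sec(b0, b["rules"][spec], seconds), 2)
    return result

if __name__ == "__main__":
    for name, rate in rates(SNAP_T0, SNAP_T1, 10).items():
        print(f"{rate:8.2f} Mbit/s  {name}")
```
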


* RE: Wrong count on bytes
From: Javier Martin @ 2002-10-21 19:34 UTC
  To: 'Patrick Schaaf'; +Cc: netfilter-devel

> >   Chain OUTPUT (policy ACCEPT 410429507 packets, 581914465274 bytes)
> >   Chain OUTPUT (policy ACCEPT 410555345 packets, 582099636248 bytes)
> > 
> > I'm using the following rules:
> > 
> >   iptables -I INPUT -i eth0 --destination x.x.x.x
> >   iptables -I OUTPUT -o eth0 --source x.x.x.x
> 
> Maybe you are using these rules, but you certainly are not 
> showing their counters in the two lines above. You are 
> showing the chain defaults of the OUTPUT chain, counting 
> anything _not_ covered by terminating earlier rules.

Hmmm.. If I display the byte counters per IP, they show similar numbers
(i.e. exceeding 100 mbit/sec).

> I'd guess that your chain defaults cover localhost 
> communication and other stuff besides that which you think 
> you want to measure.

I think localhost has nothing to do with this. There is no traffic
through the lo interface at all.

On the other hand, if the server is not peaking at the ethernet maximum
100 Mbit/sec, the numbers more or less match. For example, if I get 60
Mbit/sec from the driver, I will also get 60 Mb/sec from iptables. BUT
things change when the server saturates. So my guess is the following:

The server is trying to throw more than 100 Mbit/sec. Iptables accounts
each packet that passes through the OUTPUT chain, but as the network
card has reached its limit, it starts dropping frames. Those frames are
not actually transmitted, but in fact they account from the iptables
point of view.

So what iptables measures when the server saturates is the minimum
amount of bytes that 'could have been' transmitted if the interface was
faster.

I don't know if this theory is correct, but at least it satisfies me :-)

Javier

