Poorly performing proxy - ClearFoundation

Welcome, Guest

ClearFoundation

Network

Proxy and Content Filtering

Poorly performing proxy

(1 viewing) 1 Guest

Page: 1

TOPIC: Poorly performing proxy

Forum Tools

#44609

Poorly performing proxy 9 Months, 2 Weeks ago

We have been running our ClearOS v5.2 as a standalone proxy, with content filter for some time. Total user count 55 with at best 50% online at any given time.

It is running single network card and access to the Internet is via a CheckPoint firewall, users have started complaining about poor performance and the web in general being sluggish. This has been tested by us in Tech Support and we agree.

The LAN is split in two by a layer 3 CISCO 6509, with Plant based systems being 10.10.0.* and servers 10.10.4.*. The proxy is on the 10.10.0 side and the main Checkpoint firewall is on the 10.10.4.0 side. The route out of the building is through the CheckPoint and then onto a BT 2-Wire router.

As a control test we have built a second COS 5.2 system, but this time in gateway mode with its second interface connected to the other side of our LAN. This is equally poor in page load times despite being a better spec'd system. When we connect the external interface of the test system direct onto the 2-Wire router then everything is quicker.

If at all possible we want to avoid converting our existing standalone into gateway mode.

Can anyone shed any light as to why we are seeing the performance issues?

System Spec

Code:

Processors 	2

Model 	Intel(R) Pentium(R) III CPU family 1133MHz

CPU Speed 	1.13 GHz

Cache Size 	512.00 KB

RAM 1Gb

Memory usage is currently showing Swap usage of 90Mb

DavidAdams

Senior Boarder

Posts: 79

The administrator has disabled public write access.

#44662

Re: Poorly performing proxy 9 Months, 2 Weeks ago
If it works OK connected direct, it would suggest a routing or NIC issue that is only apparent in that configuration. Whats your NIC card? (output of 'lspci -nn' would help) Your system specs are quite low for a 20-30 users proxy with content filtering...if you leave the proxy on, but disable the content filter do things improve? Can you throw any more RAM at your system?

Tim Burgess

Moderator

Posts: 5800

The administrator has disabled public write access.

Website: http://www.timburgess.net
ClearOS RPM's: ftp://timburgess.net
ClearOS 6.x Mirror

#44670

Re: Poorly performing proxy 9 Months, 2 Weeks ago

Hi, just to clarify a few things that I didn't make clear in the first post:

If a user is not redirected through the existing live proxy then everything is just fine. They are still exiting the building via the CheckPoint and the 2-wire.

All other tests are being done on a second test box, spec as follows:

Code:
Processors 2 Model Intel(R) Pentium(R) D CPU 3.40GHz CPU Speed 3.39 GHz Cache Size 2.00 MB RAM 3Gb

This is performing equally poorly with only two users on when configured 10.10.0.* and 10.10.4.* but is just fine when the 10.10.4.* connection is moved onto our ADSL router direct.

Comments about existing single NIC proxy taken on board, but at the moment extra RAM is not available.

DavidAdams

Senior Boarder

Posts: 79

The administrator has disabled public write access.

#44671

Re: Poorly performing proxy 9 Months, 2 Weeks ago

Forgot - output of lspci -nn from test system:

Code:

00:00.0 Host bridge [0600]: Intel Corporation 82945G/GZ/P/PL Memory Controller Hub [8086:2770] (rev 02)

00:02.0 VGA compatible controller [0300]: Intel Corporation 82945G/GZ Integrated Graphics Controller [8086:2772] (rev 02)

00:02.1 Display controller [0380]: Intel Corporation 82945G/GZ Integrated Graphics Controller [8086:2776] (rev 02)

00:1b.0 Audio device [0403]: Intel Corporation N10/ICH 7 Family High Definition Audio Controller [8086:27d8] (rev 01)

00:1c.0 PCI bridge [0604]: Intel Corporation N10/ICH 7 Family PCI Express Port 1 [8086:27d0] (rev 01)

00:1c.1 PCI bridge [0604]: Intel Corporation N10/ICH 7 Family PCI Express Port 2 [8086:27d2] (rev 01)

00:1d.0 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #1 [8086:27c8] (rev 01)

00:1d.1 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #2 [8086:27c9] (rev 01)

00:1d.2 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #3 [8086:27ca] (rev 01)

00:1d.3 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #4 [8086:27cb] (rev 01)

00:1d.7 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB2 EHCI Controller [8086:27cc] (rev 01)

00:1e.0 PCI bridge [0604]: Intel Corporation 82801 PCI Bridge [8086:244e] (rev e1)

00:1f.0 ISA bridge [0601]: Intel Corporation 82801GB/GR (ICH7 Family) LPC Interface Bridge [8086:27b8] (rev 01)

00:1f.2 IDE interface [0101]: Intel Corporation N10/ICH7 Family SATA Controller [IDE mode] [8086:27c0] (rev 01)

00:1f.3 SMBus [0c05]: Intel Corporation N10/ICH 7 Family SMBus Controller [8086:27da] (rev 01)

02:00.0 Ethernet controller [0200]: Intel Corporation 82573E Gigabit Ethernet Controller (Copper) [8086:108c] (rev 03)

0a:09.0 Ethernet controller [0200]: 3Com Corporation 3c905C-TX/TX-M [Tornado] [10b7:9200] (rev 78)

from the live system I get the following

Code:

00:00.0 0600: 1166:0009 (rev 06)

00:00.1 0600: 1166:0009 (rev 06)

00:01.0 0300: 5333:8a22 (rev 06)

00:02.0 0200: 8086:1229 (rev 08)

00:0a.0 0200: 8086:1229 (rev 08)

00:0f.0 0601: 1166:0200 (rev 51)

00:0f.1 0101: 1166:0211

00:0f.2 0c03: 1166:0220 (rev 04)

01:03.0 0100: 9005:008f (rev 02)

01:05.0 0604: 1011:0026 (rev 05)

02:04.0 0200: 8086:1229 (rev 0d)

02:05.0 0200: 8086:1229 (rev 0d)

DavidAdams

Senior Boarder

Posts: 79

The administrator has disabled public write access.

Page: 1

Moderators: Dave Loper, Peter Baldwin, Piotr Smalira, Tim Burgess

ClearFoundation

Foundation

Software

Community

Contribute