IPTables Mangle Table Slows Down Connection when Uploading Large Files
Greetings,
I am using Linux as a router, IPTables / Netfilter.
I have run into a problem with the MANGLE table rules slowing down the internet connection to a crawl when uploading files with various cloud based backup software. If I remove the Mangle table rules, the problem resolves. With the MANGLE rules in place and while uploading files, my ping times to google for example, are consistently above 500ms. If I remove the MANGLE rules, ping times are normal 14ms - 50ms.
The purpose of my mangle rules are to prioritize SIP and RTP traffic for VoIP, and then all else to the default queue.
Here are my mangle table rules:
-A PREROUTING -p udp -m udp --dport 10000:21099 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p udp -m udp --dport 10000:21099 -j RETURN
-A PREROUTING -p udp -m udp --dport 5060:5099 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p udp -m udp --dport 5060:5099 -j RETURN
-A PREROUTING -j MARK --set-xmark 0x2/0xffffffff
-A PREROUTING -j RETURN
Any ideas on how I can speed up the packets through the mangle table?
I am using Linux as a router, IPTables / Netfilter.
I have run into a problem with the MANGLE table rules slowing down the internet connection to a crawl when uploading files with various cloud based backup software. If I remove the Mangle table rules, the problem resolves. With the MANGLE rules in place and while uploading files, my ping times to google for example, are consistently above 500ms. If I remove the MANGLE rules, ping times are normal 14ms - 50ms.
The purpose of my mangle rules are to prioritize SIP and RTP traffic for VoIP, and then all else to the default queue.
Here are my mangle table rules:
-A PREROUTING -p udp -m udp --dport 10000:21099 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p udp -m udp --dport 10000:21099 -j RETURN
-A PREROUTING -p udp -m udp --dport 5060:5099 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -p udp -m udp --dport 5060:5099 -j RETURN
-A PREROUTING -j MARK --set-xmark 0x2/0xffffffff
-A PREROUTING -j RETURN
Any ideas on how I can speed up the packets through the mangle table?
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Interesting! Thank you for that. I will look into that as well.
I can report that dialing back the amount of ports in the mangle table definitely improved the situation. It's certainly not perfect, but the network is at least usable when the uploads are taking place. Ping times have dropped from spiking to 1,000ms to google, to about 100-300ms spikes.
I can report that dialing back the amount of ports in the mangle table definitely improved the situation. It's certainly not perfect, but the network is at least usable when the uploads are taking place. Ping times have dropped from spiking to 1,000ms to google, to about 100-300ms spikes.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
The author has acknowledged that the problem is identified and explained. However he has not posted a progress update for some time. Assume he will get there.
Networking
Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.
102K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER