[plug] Network analysis info required

[Craig Ringer]

> Something else, something more subtle, is going on. If anyone knows what it 
> might be I'd be pleased to hear about it. But, more importantly, what tools 
> and procedures would people recommend for tracking down a problem like this? 
> URLs on what to read would be as welcome as specific suggestions.

tcpdump on the firewall ; ethereal and etherape run on the firewall and 
displayed to a remote X server.

These are excellent tools, and a little time fiddling with them - 
ESPECIALLY ethereal - will teach you a lot. I usually generate a packet 
dump with tcpdump, scp it to my main box, and use ethereal to analyse it 
there.

In this case, you'll find that it's a combination of massive upload 
rates and huge numbers of tcp/ip connections that are the problem. Eule 
and similar apps create thousands of connections, plus they're always 
sending SYNs and getting RSTs back from hosts that aren't listening any 
more. The actual stats may not reflect this, since they usually show 
only data outside tcp/ip overheads. If you fire up etherape to visualise 
the traffic, it'll be pretty amazing.

Solutions: (a) and preferered - don't use the darn program. (b) tell it 
to slow down it's upload rate and limit the rate it makes connections if 
you can. (c) Use QoS tools like HTB or CBQ to control the mess it's 
making of your link by dropping its traffic to a lower priority and 
ensuring it can only use at most 80% of the bandwitdh on the link (to 
keep latencies under control).

http://luxik.cdi.cz/~devik/qos/htb/
http://lartc.org/

Craig Ringer