Questions and Answers
Amy Rich
Q We have a SunFire 280R that's acting as a
cheap high-speed firewall for our internal network. We have a quad-gigabit card
in the machine that's attaching it to three internal LANs and one that's connected
to the DMZ. The problem is that we're seeing dismal throughput on this box,
nowhere near gigabit speeds. We specifically went with a host-based solution
instead of an actual firewall appliance because we wanted the cheap gigabit
speed. Is there something that we can tune to get better performance out of
this?
A You're probably running into several issues,
both hardware and software related. You state that you're using a 280R for this
purpose, but you don't mention which operating system you're running or the
exact hardware configuration. To start, take a look at your adapter under the
Sun System Handbook at http://sunsolve.sun.com/ to see whether you're
running at a supported OS revision and whether you have all of the necessary
patches. If you have an X4444A, for example, you should take a look at:
http://sunsolve.sun.com/handbook_private/Devices/Ethernet/ETHER_QGE_UTP.html
This is one of the quad-GigE cards supported by the 280R and is handled under
the ce driver. The driver requires Solaris 7 Patch 112327-17, Solaris 8
Patch 111883-23, or Solaris 9 Patch 112817-16. If you're trying
to use VLANing, you also need Solaris 8 Patch 112119-04 or Solaris 9 Patch
114600-02.
Next, make sure that both ends of the connection (e.g., the switch and the
port on your Sun) are running at the same speed and duplex. You can check the
speed and duplex under Solaris by running:
kstat -p ce | grep link_
The settings are translated as:
link_up - 0 down, 1 up
link_speed - speed in Mbit/s
link_duplex - 1 half duplex, 2 full duplex, 0 down
All of your GigE ports should be running at 1000, full duplex.
|
