Slow routing

I’m using opensuse 11 for routing between two subnets. The subnets are phisically united by a 100Mbps link.
So far I was able to do the routing, with the following setup:

eth1 192.168.1.253 255.255.255.0
eth2 192.168.2.253 255.255.255.0
ip forwarding enabled

Kernel IP routing table
Destination    Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     192.168.2.253   255.255.255.0   UG    0      0        0 eth2
192.168.1.0     192.168.1.253   255.255.255.0   UG    0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

If I use the box as a gateway, I’m able to see the other subnet. For example, host 192.168.2.220 can ping 192.168.1.11 etcetc
The problem is, it gets there with a 45ms response latency.
Later speed tests show me that I’m sending/transmiting at a max of 10Mbps.
I know the link works 100Mbps, each card (eth1, eth2) do have a normal latency response (less than 1ms) and speed tests from the router to wichever subnet does gives me 100Mbps.
It only gives me the 10Mbps when I use the router as a gateway on another host.
What could be wrong?

Hmm. It is enough to define the routing as being via the ethernet interface, so the gateways need not be defined for routing to the subnet which is defined for the interface, so fiddle with your settings until you get a routing table which looks like this:

Kernel IP routing table
Destination    Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   UG    0      0        0 eth2
192.168.1.0     *               255.255.255.0   UG    0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

My guess is that by specifying the interface as the gateway, when sending a packet, firstly the gateway is found and then a route is evaluated for the gateway and then the interface is calculated. But if you specify no gateway, it just looks for the interface immediately.

That would be my guess. I would be interested to know if this makes a difference to your pings.

Thanks for your response nigma
I did the changes, and while I still have connectivity, it is the very same issue. I even installed a third nic just to test, routing table now looks like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth2
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth2
link-local      *               255.255.0.0     U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo

I still get just 10Mbps and pings on 45ms.
Any other suggestions?

OK, let’s go with the hypothesis that nothing is broken. 10Mb/s could be throughput, not transmission rate, so this aspect might not really indicate a problem. openSuse could be just lousy at routing - remember it is tuned as a desktop not as a router.

I would now try putting in a new hard drive and installing a firewall router distro, such as IPcop, knowing I get sub 4ms pings on a Pentium 166. If I still had the problem, I would know that the fault lies in the machine itself or in the network hardware. If I didn’t have the problem, I would need to look at what was on the hard drive - eg kernel tuning etc. Is this machine anything more than a router?

yup.
Ended up using smoothwall.
Thanks for your insight Nigma.

No problem. Forgot to mention I am getting 4ms pings with 1 of the links being 10Mbit/s ethernet. The problem with using Suse as a router is that it carries a rather heavy load, so lazy scheduling of processes on a 10’s of ms sort of scale is best, and causes no issues for users whose reactions are in the 100’s of ms scale. A dedicated distro for firewall/router carries far less processes and can be easily tuned up to put processes on a 1ms timescale, which brings down the ping substantially. I am sure suse can be tuned, but as you have discovered, a dedicated distro does the job.