Re: performance issue within VNET jail

Michael Grimm Thu, 21 Dec 2017 14:00:34 -0800


> On 21. Dec 2017, at 22:48, Eugene Grosbein <eu...@grosbein.net> wrote:
> 
> 22.12.2017 4:42, Michael Grimm wrote:
> 
>> Well I prepared on of my webservers running at hostB/jailX to serve a sample 
>> file for local downloading tests:
>> 
>> 1) hostA     wget from hostB/jailX sample file: about  30 MB/s
>> 2) hostA/jailY       wget from hostB/jailX sample file: about  30 MB/s
>> 3) hostB     wget from hostB/jailX sample file: about 190 MB/s
>> 4) hostB/jailY       wget from hostB/jailX sample file: about 190 MB/s
>> 
>> Hmm. At least tests 3) and 4) omit the pf firewall. Tests 1) qnd 2) include 
>> passing two firewalls, one at each host. BUT: Both hosts are connected via 
>> an IPSec tunnel, and that's esp not tcp.
>> 
>> Can anyone draw conclusions from this test? 
>> I cannot ;-)
> 
> Make sure and double check that your ESP packets do not get fragmented.



Hmm, I do not know how to achieve that. May the following tcpdump excerpts 
answer your question, or do you want me to look somewhere else?

At hostA while downloading from hostB/jailX and "tcpdump -i extIF esp -vv"

22:52:42.341023 IP (tos 0x0, ttl 64, id 40481, offset 0, flags [none], proto 
ESP (50), length 140)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5fe699), length 120
22:52:42.341079 IP (tos 0x0, ttl 53, id 64310, offset 1480, flags [none], proto 
ESP (50), length 100)
    hostB > hostA: ip-proto-50
22:52:42.341151 IP (tos 0x0, ttl 64, id 40483, offset 0, flags [none], proto 
ESP (50), length 140)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5fe69a), length 120
22:52:42.341169 IP (tos 0x0, ttl 53, id 64312, offset 1480, flags [none], proto 
ESP (50), length 100)
    hostB > hostA: ip-proto-50
22:52:42.341238 IP (tos 0x0, ttl 53, id 64314, offset 1480, flags [none], proto 
ESP (50), length 100)
    hostB > hostA: ip-proto-50

At hostB the same dump looks like:

22:52:42.463511 IP (tos 0x0, ttl 53, id 41153, offset 0, flags [none], proto 
ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaa8), length 104
22:52:42.463518 IP (tos 0x0, ttl 53, id 41155, offset 0, flags [none], proto 
ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaa9), length 104
22:52:42.463593 IP (tos 0x0, ttl 53, id 41157, offset 0, flags [none], proto 
ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaaa), length 104
22:52:42.463601 IP (tos 0x0, ttl 53, id 41159, offset 0, flags [none], proto 
ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaab), length 104
22:52:42.463673 IP (tos 0x0, ttl 53, id 41161, offset 0, flags [none], proto 
ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaac), length 104


Thanks and regards,
Michael





> 
> 
> _______________________________________________
> freebsd-...@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"

Re: performance issue within VNET jail

Reply via email to