Am 22.11.2012 13:38, schrieb Marc Peters:
interesting, the MTU is way lower, than i expected. Through the VPN
tunnel, only 1322 bytes are possible without fragmentation. ScreenOS
adds 42 additional bytes per paket and the FreeBSD box is receiving 1364
bytes, according to tcpdump. From the outside (only one Netscreen on the
way), 1472 is the maximum possible size to send pakets without
fragmentation (-D).
Which MTU would you suggest to use? Shouldn't the MTU discovery of
FreeBSD handle this correct?
should handle, yes.
Any icmp firewalls in between?
you can also try tcp mss clamping (via firewall, infos via google)
*) any offloading/supported used at the network-card?
Yes:
bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
ether ac:16:2d:b7:00:f4
inet 172.16.3.10 netmask 0xffffff00 broadcast 172.16.3.255
inet6 fe80::ae16:2dff:feb7:f4%bce0 prefixlen 64 scopeid 0x1
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
try to deactivate JUMBO_MTU and TSO4
*) try a rate-shaping queue outgoing (not really good - as shaping works
best on incomming interfaces):
you need dummynet (and ipfw for this example):
ipfw add pipe 1 all from ....
ipfw pipe 1 config bw 10Mbit/s queue 50Kbytes
(adjust queue size ~40ms at rated speed)
no paketfiltering on the host itself is intended and i don't know
anything of ipfw for a simple setup, sorry.
ipfw add pipe 1 all from thishostip to destinationhostip
ipfw pipe 1 config bw 10Mbit/s queue 50Kbytes
Kind regards,
Ingo Flaschberger
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
