Re: Performance problem with slow link behind fast gateway (solved: worked around)

Thu, 18 Sep 2014 14:03:26 -0700 

On 2014-09-15 07:55, Bryan Venteicher wrote:

Hi,

On Tue, Sep 9, 2014 at 4:42 PM, <mailingli...@debank.tv> wrote:


All,
I'm seeing some performance problems with a slowish VPN connection behind 
a fast gateway, the setup looks like this:

|----------------------------------|
 |-----------------------------|
|client (zandbak)  (DSL connection)| ---- 'VPN tunnel' ----- |Gateway
(vps) using NAT on 1G|------ 'Internet'
|----------------------------------|
 |-----------------------------|


Transfers from the gateway to the client are reasonably fast (easily
within usable range for me):
root@zandbak:/usr/home/rob # scp rob@gateway:test_file ./
test_file
                         100%   10MB 445.2KB/s   00:23


Transfers from the internet to the gateway are fast:
root@vps:/usr/home/rob # fetch -4 "http://149.20.53.23/pub/
FreeBSD/releases/amd64/amd64/ISO-IMAGES/10.0/FreeBSD-10.0-
RELEASE-amd64-bootonly.iso"
FreeBSD-10.0-RELEASE-amd64-bootonly.iso 100% of 209 MB 10 MBps 
00m20s


But transfers from the client to the internet through the tunnel are
showing a very degraded connection speed, the speed jumps up and down but 
averages at around 20kBps:
root@zandbak:/usr/home/rob # fetch "http://149.20.53.23/pub/
FreeBSD/ISO-IMAGES-amd64/10.0/FreeBSD-10.0-RELEASE-amd64-bootonly.iso"
FreeBSD-10.0-RELEASE-amd64-bootonly.iso 0% of 209 MB 8275 Bps 
07h27m


I've tried to eliminate some variables:
-VPN: tinc as a L2 VPN and openVPN as a L3 VPN, results are the same
-NAT: pf and ipfw, results are the same

I suspect that there's a problem with the fast link receiving too much
data and once the buffers are full dropping packets although I'm not sure 
if this is actually the problem.
My question is: how can I debug this issue?
​On the vtnet0 interface in your KVM VM​, disable checksum offloading. What KVM/QEMU VirtIO provides as the "checksum" in situation likes this does not work well with what FreeBSD expects. Fixing this has been on my todo list for awhile, but it is a moderate amount of work to fix this, and touches many places in the stack. I have plans to do mbuf related work later this 
year, and was planning to finally fix this issue as well.





<--------------SNIP----------->


Thanks Bryan,
I can confirm performance with checksum offloading disabled on the vtnet interface is back to expected levels! 

Rob Evers

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Reply via email to