On 22 Dec 2017, at 20:30, Michael Grimm wrote:
Hi —
[ I am including freebsd...@freebsd.org now and removing
freebsd-j...@freebsd.org ]
[ Thread starts at
https://lists.freebsd.org/pipermail/freebsd-net/2017-December/049470.html
]
(#) there is a *dramatic* performance loss (TCP) when:
(-) fetching files from outside through PF/extIF via bridge to jail
…
Thanks for your suggestions so far, but I am lost here. Any ideas?
It seems to me some kind of bug in the PF.
I personally never tried it, I use ipfw and it works just fine.
Before testing IPFW (which I have never used before) I'd like to ask
the experts in freebsd...@freebsd.org about possible tests/tweaks
regarding PF.
OK, too complicated setups; I am not getting it fully.
Can you please just describe the one case that doesn’t work well in
all detail and ignore all the others for a moment?
(a) what’s the external host interface?
(b) pf runs on the base system?
(c) you are bridging into a VNET-jail? How exactly? Are you bridging
to epairs?
(d) where exactly are you NATing?
(e) why are you bridging and NATing? That makes little sense to me.
Couldn’t you NAT and forward or just bridge?
(f) what’s inside the VNET jail? Another pf or anything?
(g) out of curiosity, does dmesg on the base system indicate anything?
To understand your performance problem better:
(1) you are doing a fetch of a rather large file to test from within the
VNET jail? Or what are you fetching? Are you using fetch?
(2) if you fetch from within the same VNET jail does that perform?
(3) if you fetch something to the VNET jail from the base system just
going through your internal setup but not leaving the machine, does that
still perform?
(4) if you fetch something to the VNET jail from the same LAN (if
possible to test) does that perform?
(5) if you fetch something to the VNET jail from a close by location
does that make a difference to something on the other side of the
planet?
/bz
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
