Hi, > -----Urspr|ngliche Nachricht----- > Von: "Otto Moerbeek" <[EMAIL PROTECTED]> > Gesendet: 24.10.08 13:11:39 > An: Sebastian Reitenbach <[EMAIL PROTECTED]> > CC: misc@openbsd.org > Betreff: Re: slow network performance behind cisco
> On Fri, Oct 24, 2008 at 12:58:27PM +0200, Sebastian Reitenbach wrote: > > > Hello everybody, > > > > I'm experiencing a very bad network performance, when I try to connect > > to a remote server. > > The point-to-point connection is a E3 line, with 34MBit/s, with a cisco 2800 > > router on each side, terminating the point-to-point connection. > > > > These cisco routers have two gigabit interfaces, and a serial > > point-to-point E3 controller. Below my network layout: > > > > +-------------+ > > |Remote Server| > > +-------------+ > > |GigaBit Ethernet > > +------------+ > > |Remote Cisco| > > +------------+ > > |Serial E3 Line > > | > > +------------+ GigaBit Ethernet +---------+ > > |Local Cisco |---------------------|Linux Box| > > +------------+ +---------+ > > |GigaBit Ethernet > > +-------+ > > |BSD Box| > > +-------+ > > > > I use iperf to measure the connection speed. > > The OpenBSD box, and the Linux box are in two different networks, > > so the connection between these two is also routed. > > When I use iperf between the Linux-Box and the BSD-Box, then > > iperf measures about 500MBit/s, so thats fine. > > When I use iperf between the Linux Box and the remote server, > > then I get sth. about 32 MBits, that's fine too. > > When I use iperf between the BSD box and the remote server, > > I only get 2MBit/s. > > Then I thought, maybe the interface where the BSD box is connected > > is the problem, so I connected it to the interface on the cisco, > > where the Linux box was connected before, but still only the > > 2MBit/s speed to the remote host. > > I also tried different OpenBSD boxes, with different network adaptors, > > one with bge, another one with fxp, but also, no difference. > > With both BSD boxes, connection to the Linux box is fast, > > connections to the remote server is slow. > > Then I tried to fiddle around with pf, scrub rules on the BSD box. > > I tested with disabled firewall, with > > scrub no-df > > scrub set-tos lowdelay > > scrub set-tos throughput > > and some more, but without any observable difference in the speed. > > The Linux box and the BSD boxes both had the same MTU on their interfaces, > > and also no dropped packets, or errors on the interfaces. > > > > When I connect the Linux box behind the OpenBSD box, and then try to connect > > from the Linux box to the OpenBSD box, the performance becomes slow. > > > > So right now I'm a bit puzzled, and have no idea, why the connection to the > > remote host is fast when using a Linux box, but so slow when using OpenBSD. > > Are there any differences in the IP packets that OpenBSD and Linux creates? > > I'm going to capture the network traffic on the Linux and OpenBSD box to be > > able > > to compare the IP packets. > > Is there any tool where I can replay the packet sequence on OpenBSD that I > > have > > recorded with tcpdump on the Linux box? > > > > Unfortunately, I don't have access to the remote cisco, or remote > > server, so I cannot check anything there. > > > > any hint is greatly appreciated. > > OpenBSD uses a pretty low default send and receive buffer size for > sockets. Try increasing net.inet.tcp.recvspace and > net.inet.tcp.sendspace, after reading a bit about bandwidth * delay > products. > > -Otto many thanks, after a bit of reading, and setting both values to a reasonably higher value, I was able to utilize the full bandwidth, so its working fine now. However, in the meantime, I tried the following, without changing the values for the send and receive buffer: I used the OpenBSD box as firewall, with the Linux box behind it. The connection is started always from the remote server, therefore I only added a rdr rule from the remote server to the Linux box. Then having the iperf server on the Linux box, and the client on the remote server, but the speed was still slow. Then I just only added a nat rule on the OpenBSD box, from the Linux box to the remote server. When now the remote server initiates the iperf client connection to the local Linux box, it used the full bandwidth. So, I'm a bit curious, why after adding the nat rule, the network speed became faster. kind regards Sebastian ________________________________________________________________________ Schon gehvrt? Bei WEB.DE gibt' s viele kostenlose Spiele: http://games.entertainment.web.de/de/entertainment/games/free/index.html
