чт, 4 окт. 2018 г. в 15:50, Rostyslav Maryliak < rostyslav.maryl...@idealscorp.com>:
> Dear Illya, > > Sorry for misleading you. I want to set this parameter to "none" globally. > I CAN change "Congestion Control Provider" setting for different > templates (i.e. Internet. Datacenter etc) in Powershell, but not to a > "None" value. > > In Powershell there is simply no option for this value: > PS C:\Users\Administrator> Set-NetTCPSetting -SettingName Datacenter > -CongestionProvider [ CTCP | CUBIC | DCTCP | Default | LEDBAT | NewReno ] > > I've tried different values, but still no luck. > > In CMD there is such option, but it does not apply any changes for it: > C:\Users\Administrator> netsh int tcp set supplemental template=datacenter > congestionprovider=*none* > Ok. > > C:\Users\Administrator> netsh int tcp show supplemental template=datacenter > TCP Supplemental Parameters > ---------------------------------------------- > Minimum RTO (msec) : 20 > Initial Congestion Window (MSS) : 10 > Congestion Control Provider : *dctcp* > Enable Congestion Window Restart : enabled > Delayed ACK timeout (msec) : 10 > Delayed ACK frequency : 2 > Enable RACK : disabled > Enable Tail Loss Probe : disabled > > Also, as I've mentioned in referred thread, such issue occurs on all our > win2016 servers, except one. > can you provide the output of [environment]::OSVersion.Version for that 2016 server ? (and for other servers) > This exception server has "Congestion Control Provider" setting set to > "none" somehow. > But still it is very strange for me that I have such slow network speed > via the tunnel for all win2016 servers "out of the box". > > Can you please check this from your side as well and confirm or disprove > the issue? > > > On Thu, Oct 4, 2018 at 12:10 PM Илья Шипицин <chipits...@gmail.com> wrote: > >> thank you for your investigation. >> >> congestion provider can be customized if you select "*Datacenter Custom"* >> >> чт, 4 окт. 2018 г. в 13:58, Rostyslav Maryliak < >> rostyslav.maryl...@idealscorp.com>: >> >>> Dear Ilya, >>> >>> I've checked "Get-NetTCPConnection" command output on both win2012r2 >>> and win2016 servers. >>> >>> win2012r2 server works as OpenVPN server. Internal IP address - >>> 10.0.4.1. OpenVPN tunnel IP address - 172.16.144.1 >>> win2016 server works as OpenVPN client. Internal IP address - 10.0.44.1. >>> OpenVPN tunnel IP address - 172.16.144.18 >>> >>> >>> *From win2012r2 server:* >>> >>> PS C:\Users\Administrator> Get-NetTCPConnection -RemoteAddress 10.0.44.1 >>> LocalAddress LocalPort RemoteAddress >>> RemotePort State AppliedSetting >>> ------------ --------- >>> ------------- ---------- >>> ----- -------------- >>> 172.16.144.1 56437 10.0.44.1 >>> 53005 Established >>> *Datacenter* >>> >>> PS C:\Users\Administrator> Get-NetTCPConnection -RemoteAddress >>> 172.16.144.18 >>> LocalAddress LocalPort RemoteAddress >>> RemotePort State AppliedSetting >>> ------------ --------- >>> ------------- ---------- >>> ----- -------------- >>> 10.0.4.1 11616 >>> 172.16.144.18 56882 Established >>> *Datacenter* >>> 10.0.4.1 11616 >>> 172.16.144.18 56905 Established >>> *Datacenter* >>> >>> >>> *From win2016 server:* >>> >>> PS C:\Users\Administrator> Get-NetTCPConnection -RemoteAddress 10.0.4.1 >>> LocalAddress LocalPort RemoteAddress >>> RemotePort State AppliedSetting >>> OwningProcess >>> ------------ --------- >>> ------------- ---------- >>> ----- -------------- ------------- >>> 172.16.144.18 56905 10.0.4.1 >>> 11616 Established * >>> Internet * 13300 >>> 172.16.144.18 56882 10.0.4.1 >>> 11616 Established * >>> Internet * 13300 >>> >>> >>> PS C:\Users\Administrator> Get-NetTCPConnection -RemoteAddress >>> 172.16.144.1 >>> LocalAddress LocalPort RemoteAddress >>> RemotePort State AppliedSetting >>> OwningProcess >>> ------------ --------- >>> ------------- ---------- >>> ----- -------------- ------------- >>> 10.0.44.1 53005 >>> 172.16.144.1 56437 Established >>> *Internet* 13300 >>> >>> >>> I've changed the "AppliedSetting" value to Datacenter on win2016 server >>> as well by running this commands and restarting the VPN: >>> New-NetTransportFilter -SettingName Datacenter -DestinationPrefix >>> 10.0.4.0/24 >>> New-NetTransportFilter -SettingName Datacenter -DestinationPrefix >>> 172.16.144.0/24 >>> >>> Now it shows Datacenter on both servers. But the network speed remains >>> the same. My changes do not affect the issue. >>> I've noticed that global TCP settings influence that, especially >>> "Chimney Offload", "Congestion Control Provider" and "ECN Capability": >>> >>> C:\Users\Administrator> netsh int tcp show global >>> Querying active state... >>> >>> TCP Global Parameters >>> ---------------------------------------------- >>> Receive-Side Scaling State : enabled >>> Chimney Offload State : disabled >>> NetDMA State : disabled >>> Direct Cache Access (DCA) : disabled >>> Receive Window Auto-Tuning Level : normal >>> Add-On Congestion Control Provider : default >>> ECN Capability : enabled >>> RFC 1323 Timestamps : disabled >>> Initial RTO : 3000 >>> Receive Segment Coalescing State : enabled >>> Non Sack Rtt Resiliency : disabled >>> Max SYN Retransmissions : 2 >>> TCP Fast Open : disabled >>> >>> >>> That is why I believe that the root cause of the issue lies in >>> "Congestion Control Provider" setting. But I am unable to change it >>> >>> On Thu, Oct 4, 2018 at 7:50 AM Илья Шипицин <chipits...@gmail.com> >>> wrote: >>> >>>> Hello, >>>> >>>> can you do some things and tell us your observation ? >>>> >>>> starting with win2012 so called network profiles were introduced >>>> (Internet / Intranet / Datacenter) >>>> those profiles are very different for tcp connection (if you observe >>>> degradation in case of udp, most probably that is not related) >>>> >>>> >>>> so, let's start >>>> >>>> start powershell (I assume you are familiar) >>>> call >>>> >>>> Get-NetTCPConnection >>>> >>>> pay attention to "AppliedSetting" column. >>>> what's there ? >>>> >>>> we did observe strange things when win2012 classified some traffic as >>>> "Internet" and appropriate tcp settings were applied. >>>> >>>> is there some correlation in your case ? >>>> >>>> ср, 3 окт. 2018 г. в 20:45, Rostyslav Maryliak < >>>> rostyslav.maryl...@idealscorp.com>: >>>> >>>>> Dear OpenVPN developers, >>>>> >>>>> I've faced a very strange issue with slow outbound network speed from >>>>> Windows Server 2016 Standard server via the OpenVPN tunnel. >>>>> OpenVPN server is Windows Server 2012 R2, client is Windows Server >>>>> 2016. The inbound network speed for Windows Server 2016 is great. >>>>> But the outbound network speed is nearly 30-40 kbps. I've got the same >>>>> results using several tests: iperf testings, file download via SMB, >>>>> Web-based downloading (using HTTP) etc. >>>>> >>>>> The tunnels is getting up and it works greatly, but only in one >>>>> direction - from Windows Server 2012 R2 to Windows Server 2016. >>>>> I've been using such server-client configurations setup for several >>>>> years with Windows Server 2012 R2 servers and I've never faced such issue >>>>> before. >>>>> At first I thought that our ISP has some network limitations, but it >>>>> turned out that the same tests shows great network speed results using the >>>>> public IP addresses in both directions. >>>>> The issue only occurs inside the VPN tunnel. I've spent 3 days tryng >>>>> to figure it out, but failed. I've installed all latest Windows updates, >>>>> reinstalled OpenVPN, tried to switch from UDP to TCP, >>>>> played with performance settings in configs (link-mtu, sndbuf, rcvbuf >>>>> etc) but still no luck. I've tested the same setup between two Windows >>>>> Server 2012 R2 servers and it works greatly in both directions. >>>>> Then I've tested it with another Windows Server 2016 Standard server >>>>> (different server and different ISP) and it showed the same awful results >>>>> in outbound direction. >>>>> When I've set the same OpenVPN tunnel between two Windows Server 2016 >>>>> Standard servers I've got the same poor network speed in both directions. >>>>> >>>>> I believe that the issue is somehow related only to the Windows Server >>>>> 2016 version and I am more than confident that it depends on server's TCP >>>>> stack settings. >>>>> I've noticed that Windows Server 2016 has a congestion control >>>>> provider setting set to "default", while previous versions of Windows has >>>>> this setting set to "none". >>>>> >>>>> I've created a topic on OpenVPN Support Forum and it was suggested to >>>>> post my issue to you and reference the thread. >>>>> >>>>> You can reference to the >>>>> https://forums.openvpn.net/viewtopic.php?f=6&t=27173 for config files >>>>> and additional information. >>>>> >>>>> Have you faced a similar issue before? Can you provide any hint how >>>>> can I resolve the issue? What did I missed? >>>>> I would be very grateful for any help. Thank you in advance. >>>>> >>>>> >>>>> -- >>>>> >>>>> Best regards, >>>>> >>>>> *Rostyslav Maryliak* >>>>> >>>>> System Administrator >>>>> >>>>> >>>>> >>>>> *iDeals™ Solutions Group*| + 38(073)437-72-51 >>>>> <%2B%2038%28093%29575-35-16> | Skype: rostyslav.maryliak.ideals| >>>>> *rostyslav.maryl...@idealscorp.com >>>>> <dmitry.zaporozhche...@idealscorp.com>* | www.idealsvdr.com >>>>> <http://www.idealscorp.com/> >>>>> >>>>> CONFIDENTIALITY NOTE: The information transmitted, including >>>>> attachments, is intended only for the person(s) or entity to which it is >>>>> addressed and may contain confidential and/or privileged material. Any >>>>> review, retransmission, dissemination or other use of, or taking of any >>>>> action in reliance upon this information by persons or entities other than >>>>> the intended recipient is prohibited. If you received this in error, >>>>> please >>>>> contact the sender and destroy any copies of this information. >>>>> _______________________________________________ >>>>> Openvpn-devel mailing list >>>>> Openvpn-devel@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/openvpn-devel >>>>> >>>> >>> >>> -- >>> >>> Best regards, >>> >>> *Rostyslav Maryliak* >>> >>> System Administrator >>> >>> >>> >>> *iDeals™ Solutions Group*| + 38(073)437-72-51 >>> <%2B%2038%28093%29575-35-16> | Skype: rostyslav.maryliak.ideals| >>> *rostyslav.maryl...@idealscorp.com >>> <dmitry.zaporozhche...@idealscorp.com>* | www.idealsvdr.com >>> <http://www.idealscorp.com/> >>> >>> CONFIDENTIALITY NOTE: The information transmitted, including >>> attachments, is intended only for the person(s) or entity to which it is >>> addressed and may contain confidential and/or privileged material. Any >>> review, retransmission, dissemination or other use of, or taking of any >>> action in reliance upon this information by persons or entities other than >>> the intended recipient is prohibited. If you received this in error, please >>> contact the sender and destroy any copies of this information. >> >> > > -- > > Best regards, > > *Rostyslav Maryliak* > > System Administrator > > > > *iDeals™ Solutions Group*| + 38(073)437-72-51 <%2B%2038%28093%29575-35-16> | > Skype: rostyslav.maryliak.ideals| *rostyslav.maryl...@idealscorp.com > <dmitry.zaporozhche...@idealscorp.com>* | www.idealsvdr.com > <http://www.idealscorp.com/> > > CONFIDENTIALITY NOTE: The information transmitted, including attachments, > is intended only for the person(s) or entity to which it is addressed and > may contain confidential and/or privileged material. Any review, > retransmission, dissemination or other use of, or taking of any action in > reliance upon this information by persons or entities other than the > intended recipient is prohibited. If you received this in error, please > contact the sender and destroy any copies of this information.
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
