Re: Performance issues with VNET/bridge/VLAN

2019-02-22 Thread Michael Grimm 

Am 2019-02-22 11:31, schrieb Patrick M. Hausen:

[x-posted to freebsd-jail@freebsd.org]


The machine is an iocage jail host, all jails with VNET.

The problem is: network performance in the jails (not on the host!) is 
abysmal

with the second setup. Not consistently so, everything *seems* to work
but e.g. a customer complained that checking out a project from github
happend at 15k/s … that’s when we started to investigate.


[...]

*Any* idea what might be going on here? We use VNET all the same on all 
the
hosts and it is still labelled „experimental", yes. But all the parts 
that
make up the different setups - bridge(4), vlan(4) - have been in 
FreeBSD
for ages. I’m just combining features orthogonally like every good 
sysadmin ;-)


If someone is willing to do some investigation, I think I can provide a 
test

system and remote access …


This sounds familiar to me, please have a look at the following two 
threads:


https://lists.freebsd.org/pipermail/freebsd-jail/2019-February/003684.html
https://lists.freebsd.org/pipermail/freebsd-net/2017-December/049470.html

If your hosts run on cloud infrastructure odds are that the mentioned 
settings will work in your case.


Regards,
Michael
___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"

Re: Performance issues with VNET/bridge/VLAN

2019-02-22 Thread Patrick M. Hausen 
Hi!

> Am 22.02.2019 um 18:03 schrieb Michael Grimm :
> 
> Am 2019-02-22 11:31, schrieb Patrick M. Hausen:
> 
> [x-posted to freebsd-jail@freebsd.org]
> 
>> The machine is an iocage jail host, all jails with VNET.
>> The problem is: network performance in the jails (not on the host!) is 
>> abysmal
>> with the second setup. Not consistently so, everything *seems* to work
>> but e.g. a customer complained that checking out a project from github
>> happend at 15k/s … that’s when we started to investigate.
> 
> [...]
> 
>> *Any* idea what might be going on here? We use VNET all the same on all the
>> hosts and it is still labelled „experimental", yes. But all the parts that
>> make up the different setups - bridge(4), vlan(4) - have been in FreeBSD
>> for ages. I’m just combining features orthogonally like every good sysadmin 
>> ;-)
>> If someone is willing to do some investigation, I think I can provide a test
>> system and remote access …
> 
> This sounds familiar to me, please have a look at the following two threads:
> 
> https://lists.freebsd.org/pipermail/freebsd-jail/2019-February/003684.html
> https://lists.freebsd.org/pipermail/freebsd-net/2017-December/049470.html
> 
> If your hosts run on cloud infrastructure odds are that the mentioned 
> settings will work in your case.

Bare metal. We *provide* cloud infrastructure by the means of jails and VNET.

See this URL for the shameless marketing plug [tm] ;-) Or my talk at EuroBSDCon 
2017 in Paris.
https://infrastructure.punkt.de/de/produkte/proserver.html

And no PF, no NAT, no IPFW - just the setup I showed in my first mail
and of course epair(4) interfaces added to the bridge by iocage …

We happened to have a handful of servers without enough free uplink ports
in the respective racks and thought we could get away cheaply using trunks
and VLANs.

But I’ll fiddle with LRO nonetheless and report if that changes anything.

Thanks
Patrick
-- 
punkt.de GmbH   Internet - Dienstleistungen - Beratung
Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe i...@punkt.de   http://punkt.de
AG Mannheim 108285  Gf: Juergen Egeling

___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"