From nobody Mon Sep 16 14:32:11 2024
X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X6nS60Yt3z5W8tG
	for <freebsd-net@mlmmj.nyi.freebsd.org>; Mon, 16 Sep 2024 14:32:22 +0000 (UTC)
	(envelope-from SRS0=ik9+=QO=quip.cz=000.fbsd@elsa.codelab.cz)
Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4X6nS55McJz45R5;
	Mon, 16 Sep 2024 14:32:21 +0000 (UTC)
	(envelope-from SRS0=ik9+=QO=quip.cz=000.fbsd@elsa.codelab.cz)
Authentication-Results: mx1.freebsd.org;
	none
Received: from elsa.codelab.cz (localhost [127.0.0.1])
	by elsa.codelab.cz (Postfix) with ESMTP id A5D29D78C6;
	Mon, 16 Sep 2024 16:32:12 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quip.cz; s=private;
	t=1726497132; bh=8UVa/Sb+aV2u2q7dmgL1f+9DtYAaToEVQsfXetavraI=;
	h=Date:Subject:To:Cc:References:From:In-Reply-To;
	b=GbbP2Z1V6yQKBJO+RBJaTKjvTI+IT0nz1RD6iMjCcMIFM3L13PZlhWeGgmctERDBg
	 +u1VlFMe9p2VC4a7oLD9CjtJKeGl/H3W1Sxzu4EtKY96zUiAgN0lmhWZNZ11zeIb1w
	 6DIf1q36Alut62J0IZv9JNUY3aaQsvCF1T+R7fE0=
Received: from [192.168.145.49] (ip-89-177-27-225.bb.vodafone.cz [89.177.27.225])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by elsa.codelab.cz (Postfix) with ESMTPSA id 80F8ED78C7;
	Mon, 16 Sep 2024 16:32:11 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quip.cz; s=private;
	t=1726497131; bh=8UVa/Sb+aV2u2q7dmgL1f+9DtYAaToEVQsfXetavraI=;
	h=Date:Subject:To:Cc:References:From:In-Reply-To;
	b=edIrHc0sklmXrDaOm4OUT0zfvFb39iN0whZwRrS3/Nd0Etiz+SnaliVnI/B04hoMc
	 HWprlJZ6cqhSBJrcL7mnE9ArHkoFbccGXTUvU4dwDryc/PB3cLxT7GwPFQ3z58tolS
	 MSwFoJXLX0V98v4kU5FeixYXHMPTUhs4iJNU4F5E=
Message-ID: <cd68d032-36fd-4b10-a087-5bbc79b09cdb@quip.cz>
Date: Mon, 16 Sep 2024 16:32:11 +0200
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-net
List-Help: <mailto:freebsd-net+help@freebsd.org>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Subscribe: <mailto:freebsd-net+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-net+unsubscribe@freebsd.org>
Sender: owner-freebsd-net@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Performance issues with vnet jails + epair + bridge
To: Sad Clouds <cryintothebluesky@gmail.com>
Cc: Zhenlei Huang <zlei@freebsd.org>, Mark Saad <nonesuch@longcount.org>,
 FreeBSD Net <freebsd-net@freebsd.org>
References: <20240913100938.3eac55c9fbd976fa72d58bb5@gmail.com>
 <39B2C95D-1E4F-4133-8923-AD305DFA9435@longcount.org>
 <20240913155439.1e171a88bd01ce9b97558a90@gmail.com>
 <A95066A8-F5FC-451B-85CE-C463952ABADE@FreeBSD.org>
 <20240914112516.cfb31bae68ab90b83ca7ad4b@gmail.com>
 <CACA0VUjE43FUTaqAtXTur-4akQybKytv-oc1rHxwoUUXM3VQ=Q@mail.gmail.com>
 <20240915185654.b51cfec5aa2520e5b801cc87@gmail.com>
Content-Language: en-US
From: Miroslav Lachman <000.fbsd@quip.cz>
In-Reply-To: <20240915185654.b51cfec5aa2520e5b801cc87@gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	TAGGED_FROM(0.00)[=QO=quip.cz=000.fbsd];
	ASN(0.00)[asn:42000, ipnet:94.124.104.0/21, country:CZ]
X-Rspamd-Queue-Id: 4X6nS55McJz45R5

On 15/09/2024 19:56, Sad Clouds wrote:
> On Sun, 15 Sep 2024 18:01:07 +0100
> Doug Rabson <dfr@rabson.org> wrote:
> 
>> I just did a throughput test with iperf3 client on a FreeBSD 14.1 host with
>> an intel 10GB nic connecting to an iperf3 server running in a vnet jail on
>> a truenas host (13.something) also with an intel 10GB nic and I get full
>> 10GB throughput in this setup. In the past, I had to disable LRO on the
>> truenas host for this to work properly.
>>
>> Doug.
> 
> Hello Doug, can you please confirm that you are NOT using if_epair(4)? I
> imagine you dedicate one of the Intel 10Gb ports to a jail. This is not
> an option for some of us, so a virtual NIC of some sort is the only
> option with vnet jails. Other people also mentioned that vnet by itself
> is not an issue and your test confirms this, however I'm observing poor
> scalability specifically with the epair virtual NIC.
> 
> I will be trying netgraph when I have some more time. If there are
> other alternatives to if_epair then I would be interested to learn
> about them.

Try ngbuddy, it will help you with configuring netgraph.

Or you can create second loopback interface, for example lo1 and put 
your jails on it. I don't know what your scenario is, but I used lo1 in 
the past with private IPs (10.x.x.x or 172.16.x.x) for jails not facing 
the outside world, just communicating with the host)

You can put something similar to rc.conf:

cloned_interfaces="lo1"
# interface where all jails will bind
ifconfig_lo1="inet 172.16.55.22 netmask 255.255.255.0"

Then run: service netif cloneup

Kind regards
Miroslav Lachman