Performance problem with slow link behind fast gateway (solved: worked around)

mailinglists at debank.tv mailinglists at debank.tv
Thu Sep 18 21:02:57 UTC 2014 

On 2014-09-15 07:55, Bryan Venteicher wrote:
> Hi,
> 
> On Tue, Sep 9, 2014 at 4:42 PM, <mailinglists at debank.tv> wrote:
> 
>> All,
>> 
>> I'm seeing some performance problems with a slowish VPN connection 
>> behind
>> a fast gateway, the setup looks like this:
>> 
>> |----------------------------------|
>>  |-----------------------------|
>> |client (zandbak)  (DSL connection)| ---- 'VPN tunnel' ----- |Gateway
>> (vps) using NAT on 1G|------ 'Internet'
>> |----------------------------------|
>>  |-----------------------------|
>> 
>> 
>> Transfers from the gateway to the client are reasonably fast (easily
>> within usable range for me):
>> root at zandbak:/usr/home/rob # scp rob at gateway:test_file ./
>> test_file
>>                          100%   10MB 445.2KB/s   00:23
>> 
>> 
>> Transfers from the internet to the gateway are fast:
>> root at vps:/usr/home/rob # fetch -4 "http://149.20.53.23/pub/
>> FreeBSD/releases/amd64/amd64/ISO-IMAGES/10.0/FreeBSD-10.0-
>> RELEASE-amd64-bootonly.iso"
>> FreeBSD-10.0-RELEASE-amd64-bootonly.iso       100% of  209 MB   10 
>> MBps
>> 00m20s
>> 
>> 
>> But transfers from the client to the internet through the tunnel are
>> showing a very degraded connection speed, the speed jumps up and down 
>> but
>> averages at around 20kBps:
>> root at zandbak:/usr/home/rob # fetch "http://149.20.53.23/pub/
>> FreeBSD/ISO-IMAGES-amd64/10.0/FreeBSD-10.0-RELEASE-amd64-bootonly.iso"
>> FreeBSD-10.0-RELEASE-amd64-bootonly.iso         0% of  209 MB 8275  
>> Bps
>> 07h27m
>> 
>> 
>> I've tried to eliminate some variables:
>> -VPN: tinc as a L2 VPN and openVPN as a L3 VPN, results are the same
>> -NAT: pf and ipfw, results are the same
>> 
>> I suspect that there's a problem with the fast link receiving too much
>> data and once the buffers are full dropping packets although I'm not 
>> sure
>> if this is actually the problem.
>> My question is: how can I debug this issue?
>> 
>> 
>> 
> ​On the vtnet0 interface in your KVM VM​, disable checksum offloading. 
> What
> KVM/QEMU VirtIO provides as the "checksum" in situation likes this does 
> not
> work well with what FreeBSD expects. Fixing this has been on my todo 
> list
> for awhile, but it is a moderate amount of work to fix this, and 
> touches
> many places in the stack. I have plans to do mbuf related work later 
> this
> year, and was planning to finally fix this issue as well.
> 
> 
> 

<--------------SNIP----------->


Thanks Bryan,

I can confirm performance with checksum offloading disabled on the vtnet 
interface is back to expected levels!

Rob Evers

More information about the freebsd-net mailing list