performance issue within VNET jail

Michael Grimm trashcan at ellael.org
Thu Dec 21 21:59:49 UTC 2017 


> On 21. Dec 2017, at 22:48, Eugene Grosbein <eugen at grosbein.net> wrote:
> 
> 22.12.2017 4:42, Michael Grimm wrote:
> 
>> Well I prepared on of my webservers running at hostB/jailX to serve a sample file for local downloading tests:
>> 
>> 1) hostA	wget from hostB/jailX sample file: about  30 MB/s
>> 2) hostA/jailY	wget from hostB/jailX sample file: about  30 MB/s
>> 3) hostB	wget from hostB/jailX sample file: about 190 MB/s
>> 4) hostB/jailY	wget from hostB/jailX sample file: about 190 MB/s
>> 
>> Hmm. At least tests 3) and 4) omit the pf firewall. Tests 1) qnd 2) include passing two firewalls, one at each host. BUT: Both hosts are connected via an IPSec tunnel, and that's esp not tcp.
>> 
>> Can anyone draw conclusions from this test? 
>> I cannot ;-)
> 
> Make sure and double check that your ESP packets do not get fragmented.


Hmm, I do not know how to achieve that. May the following tcpdump excerpts answer your question, or do you want me to look somewhere else?

At hostA while downloading from hostB/jailX and "tcpdump -i extIF esp -vv"

22:52:42.341023 IP (tos 0x0, ttl 64, id 40481, offset 0, flags [none], proto ESP (50), length 140)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5fe699), length 120
22:52:42.341079 IP (tos 0x0, ttl 53, id 64310, offset 1480, flags [none], proto ESP (50), length 100)
    hostB > hostA: ip-proto-50
22:52:42.341151 IP (tos 0x0, ttl 64, id 40483, offset 0, flags [none], proto ESP (50), length 140)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5fe69a), length 120
22:52:42.341169 IP (tos 0x0, ttl 53, id 64312, offset 1480, flags [none], proto ESP (50), length 100)
    hostB > hostA: ip-proto-50
22:52:42.341238 IP (tos 0x0, ttl 53, id 64314, offset 1480, flags [none], proto ESP (50), length 100)
    hostB > hostA: ip-proto-50

At hostB the same dump looks like:

22:52:42.463511 IP (tos 0x0, ttl 53, id 41153, offset 0, flags [none], proto ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaa8), length 104
22:52:42.463518 IP (tos 0x0, ttl 53, id 41155, offset 0, flags [none], proto ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaa9), length 104
22:52:42.463593 IP (tos 0x0, ttl 53, id 41157, offset 0, flags [none], proto ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaaa), length 104
22:52:42.463601 IP (tos 0x0, ttl 53, id 41159, offset 0, flags [none], proto ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaab), length 104
22:52:42.463673 IP (tos 0x0, ttl 53, id 41161, offset 0, flags [none], proto ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaac), length 104


Thanks and regards,
Michael





> 
> 
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"

More information about the freebsd-net mailing list