Performance issues with VNET/bridge/VLAN

Patrick M. Hausen hausen at punkt.de
Fri Feb 22 10:31:41 UTC 2019 

Hi all,

please have a look at these two network setups:

------- separate interfaces ------- 
ifconfig_ixl0="up"
ifconfig_ixl1="up"

cloned_interfaces="bridge0 bridge1"

ifconfig_bridge0_name="inet0"
ifconfig_inet0="addm ixl0 up"
ifconfig_inet0_alias0="inet ww.xx.yy.zz/24"
ifconfig_inet0_ipv6="inet6 2a00:b580:8000:11:dead:beef:dead:beef/64 auto_linklocal"

ifconfig_bridge1_name="mgmt0"
ifconfig_mgmt0="addm ixl1 up"
ifconfig_mgmt0_alias0="inet 10.x.y.z/16"
ifconfig_mgmt0_ipv6="inet6 auto_linklocal"
----------------------------------- 

and

------- trunk port w/ VLANs ------- 
ifconfig_ixl0="up"

cloned_interfaces="vlan7 vlan11 bridge0 bridge1"

ifconfig_vlan7="up vlan 7 vlandev ixl0"
ifconfig_vlan11="up vlan 11 vlandev ixl0"

ifconfig_bridge0_name="inet0"
ifconfig_inet0="addm vlan11 up"
ifconfig_inet0_alias0="inet ww.xx.yy.zz/24"
ifconfig_inet0_ipv6="inet6 2a00:b580:8000:11:dead:beef:dead:beef/64 auto_linklocal"

ifconfig_bridge1_name="mgmt0"
ifconfig_mgmt0="addm vlan7 up"
ifconfig_mgmt0_alias0="inet 10.x.y.z/16"
ifconfig_mgmt0_ipv6="inet6 auto_linklocal"
----------------------------------- 

If the switches at the other end are configured correctly, they should work
precisely the same, right? In the second case both networks share the bandwidth,
but the management network is mostly idle and only used for monitoring and
nightly backups.

The machine is an iocage jail host, all jails with VNET.

The problem is: network performance in the jails (not on the host!) is abysmal
with the second setup. Not consistently so, everything *seems* to work
but e.g. a customer complained that checking out a project from github
happend at 15k/s … that’s when we started to investigate.

After not finding anything fundamentally wrong we checked the differences
between individual hosts and the only essential one was the network setup
as shown above. So early this morning i rewired the host, got rid of the
VLANs - presto, github fast now.

*Any* idea what might be going on here? We use VNET all the same on all the
hosts and it is still labelled „experimental", yes. But all the parts that
make up the different setups - bridge(4), vlan(4) - have been in FreeBSD
for ages. I’m just combining features orthogonally like every good sysadmin ;-)

If someone is willing to do some investigation, I think I can provide a test
system and remote access …

Systems are running 11.2p3 at the moment. To be patched to 11.2p9 next
Tuesday.

Kind regards,
Patric
-- 
punkt.de GmbH			Internet - Dienstleistungen - Beratung
Kaiserallee 13a			Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe			info at punkt.de	http://punkt.de
AG Mannheim 108285		Gf: Juergen Egeling

More information about the freebsd-net mailing list