From owner-freebsd-xen@freebsd.org Sun Jul 19 19:22:27 2015 Return-Path: Delivered-To: freebsd-xen@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D042E9A63F6 for ; Sun, 19 Jul 2015 19:22:27 +0000 (UTC) (envelope-from syd.meyer@gmail.com) Received: from mail-wi0-x229.google.com (mail-wi0-x229.google.com [IPv6:2a00:1450:400c:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 648F3196C for ; Sun, 19 Jul 2015 19:22:27 +0000 (UTC) (envelope-from syd.meyer@gmail.com) Received: by wicmv11 with SMTP id mv11so585865wic.0 for ; Sun, 19 Jul 2015 12:22:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=WI0UrvYQT1A+Bfmy/pL4YfRab8fUnsu848AduIDNeOU=; b=yBIpVpkeHblZNdecZADn4tqZFKhWShs5lX09wssO4xjtwIx5yBZ/KAfz7ZGAAn80YP nu7+ANRfBYcUF+zShsROxwmgMRaLe+OVanyUIMRSU9A+Y9o7fwFMUZf+L3RuRgPKvFFe dQBmFVmBO9hzDdpBwreSQjw9PTAnG7DesY1fro76bxhbfxw3qisOmTVJvX/5bQT3NZl5 dxfwEeZItIq/+WXvndSiJtqLAJXed5sz59V63XGZNEpASxnlM1kUz2kCONawSFwV0ieh 47yNpwz1o6CkWHOdcFGMe8iIo02yj6ctbZQTdE8la3SS9k5JE+ysSt72EHt2Rm/tq4/3 0dfQ== X-Received: by 10.180.91.196 with SMTP id cg4mr1028366wib.16.1437333745715; Sun, 19 Jul 2015 12:22:25 -0700 (PDT) Received: from [10.0.30.93] (131.69-67-87.adsl-dyn.isp.belgacom.be. [87.67.69.131]) by smtp.gmail.com with ESMTPSA id lg6sm3911380wjb.10.2015.07.19.12.22.24 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 19 Jul 2015 12:22:24 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 9.0 \(3067\)) Subject: Re: Networking under Xen From: Sydney Meyer In-Reply-To: <4B6D4AEF-6107-4F95-9F5A-F0EA137809AC@gmail.com> Date: Sun, 19 Jul 2015 21:22:24 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <41967713-C2DE-4657-96ED-F8BE3491D4EA@gmail.com> References: <4E7B7075-4E0D-4EA7-9F5D-6D252CFBD487@gmail.com> <1436890526.3162974.323521249.6B73E6E2@webmail.messagingengine.com> <4B6D4AEF-6107-4F95-9F5A-F0EA137809AC@gmail.com> To: freebsd-xen@freebsd.org X-Mailer: Apple Mail (2.3067) X-BeenThere: freebsd-xen@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussion of the freebsd port to xen - implementation and usage List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Jul 2015 19:22:28 -0000 Also i have noticed, when TSO is disabled IPv4 TCP Performance also = drops from ~10 Gb/s to ~3 Gb/s, the same as with IPv6. I have read = threads from around 2010 about the networking stack not having support = for TSO on IPv6 Packets. May this be the problem in this case? > On 14 Jul 2015, at 23:44, Sydney Meyer wrote: >=20 >=20 >> On 14 Jul 2015, at 18:15, Mark Felder wrote: >>=20 >>=20 >>=20 >> On Tue, Jul 14, 2015, at 07:36, Sydney Meyer wrote: >>> Hello everybody, >>>=20 >>> i have noticed some odd behaviour with networking under Xen with = FreeBSD >>> 10 as a DomU. >>>=20 >>> - IPv6 (TCP) bandwith drops from ~10 Gbit/s IPv4 to around 3 Gbit/s = IPv6. >>> (measured with iperf) >>>=20 >>=20 >> What is the "before" and "after" here? When is FreeBSD successfully >> doing 10Gbit/s and when isn't it? Is pf enabled? Are you scrubbing? >=20 > With two clean 10.1 AMD64 DomU installations both with a single, = pinned cpu, without pf enabled the TCP performance between the two = hosts, measured with iperf, differs between ~10 Gb/s on IPv4 and ~3 Gb/s = on IPv6. With pf enabled and "scrub in all" the difference is almost the = same. >>=20 >>> - Dropped/Stalled Connections with TCP Segmentation Offload and pf >>> enabled. >>>=20 >>=20 >> TSO is a known issue. I've been turning it off for years to get = FreeBSD >> to play nice on Xen. >=20 > This one i am still investigating, because it happens only in = "certain" situations (which are not clear to me, atm), but the host = seems to drop ACK Packets in some situations like when connected to via = IPSEC or via double NAT. This happens only when pf it actually enabled. = Disabling TSO on the xn-interface seems to help. >>=20 >>> - IPSEC-enabled Kernel TCP Performance drops from ~10 Gbit/s to ~200 >>> Mbit/s (iperf). >>>=20 >>=20 >> Are you saying FreeBSD non-IPSEC kernel can do 10Gbit/s TCP = performance, >> but IPSEC kernel immediately drops it to 200Mbit/s? >=20 > As for the apparent performance drop with IPSEC enabled Kernels = without security associations installed, i am unable to reproduce this = now, not on 10.0 or 10.1 nor 10 STABLE. Only when actually _using_ IPSec = the performance drops from ~10Gb/s to around ~200Mb/s whether actually = encrypting esp traffic or not. > This clearly must have been a mistake on my side, although i could = have sworn that i checked this two times before asking on the forums and = the -net mailing list a few weeks ago. Well then, i am sincerely sorry = about this one. >> _______________________________________________ >> freebsd-xen@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-xen >> To unsubscribe, send any mail to = "freebsd-xen-unsubscribe@freebsd.org" >=20