Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 5 Feb 2019 18:47:23 +0100
From:      Michael Grimm <trashcan@ellael.org>
To:        Farhan Khan <khanzf@gmail.com>
Cc:        freebsd-jail@freebsd.org
Subject:   Re: vnet NAT'd jails extremely slow, connection dies
Message-ID:  <2B6B82BC-1105-4D3B-AD6C-E74109A76113@ellael.org>
In-Reply-To: <CAFd4kYDHabjKQb_YwTU29PzhV-FKtoTxHTxOkU6MQw59rBEb4g@mail.gmail.com>
References:  <CAFd4kYCZVNAE1cPWqQKwVs3G-iDF130P4yuESV-5iN5bBL83DA@mail.gmail.com> <CAFd4kYDHabjKQb_YwTU29PzhV-FKtoTxHTxOkU6MQw59rBEb4g@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Farhan Khan <khanzf@gmail.com> wrote:
> On Mon, Feb 4, 2019 at 2:29 PM Farhan Khan <khanzf@gmail.com> wrote:

>> I have a jail NAT'd to a base system, but the connection is extremely
>> slow and frequently disconnects drops, whereas the base is fine has
>> perfectly fine connectivity.
>>=20
>> My configuration is as follows:
>> vtnet0: Has routeable IPv4 address and 172.16.0.1/16
>> Jail uses epair4b, base has epair4a. Jail's IP is 172.16.0.5/16.
>> The base and jail can ping each other.
>> bridge0: contains vtnet0 and epair4a.
>>=20
>> I have gateway_enable=3D"YES"
>> My pf.conf is as follows:
>> nat pass from 172.16.0.0/16 to any -> (vtnet0)
>>=20
>> When I try to run clamav, the connectivity stalls after a few minutes
>> and eventually disconnects. I ran tcpdump on the bridge and saw a lot
>> of HTTP seq and ack packets but no actual data. I am not using IPv6
>> yet.
>=20
> Just to provide more context to my previous email, outside of the jail
> I can download the FreeBSD ISO installer image at 3 MBps. Within the
> jail it drops to 12KBps.

This sounds familiar to me ;-)

Please have a look at =
https://lists.freebsd.org/pipermail/freebsd-net/2017-December/049470.html
Solution in =
https://lists.freebsd.org/pipermail/freebsd-net/2017-December/049484.html

I ended up with the following additions to /boot/loader.conf (and a =
subsequent reboot):

	# needs to become turned off (LRO) in order to restore tcp =
performance within VNET jails:
	hw.vtnet.lro_disable=3D"1"  =20
	hw.vtnet.tso_disable=3D"1"

HTH,
Michael

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2B6B82BC-1105-4D3B-AD6C-E74109A76113>