From owner-freebsd-jail@freebsd.org Tue Feb 5 17:47:43 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 90BD814C23F3 for ; Tue, 5 Feb 2019 17:47:43 +0000 (UTC) (envelope-from trashcan@ellael.org) Received: from mx2.enfer-du-nord.net (mx2.enfer-du-nord.net [IPv6:2001:41d0:401:2100::5:8a0e]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D6B8185A55 for ; Tue, 5 Feb 2019 17:47:42 +0000 (UTC) (envelope-from trashcan@ellael.org) Received: from [IPv6:2003:e9:7f02:4401:1030:7b2a:b6c2:77e0] (p200300E97F02440110307B2AB6C277E0.dip0.t-ipconnect.de [IPv6:2003:e9:7f02:4401:1030:7b2a:b6c2:77e0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx2.enfer-du-nord.net (Postfix) with ESMTPSA id 43vBqN0CL2zcV7; Tue, 5 Feb 2019 18:47:27 +0100 (CET) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.101.1 at mail.enfer-du-nord.net Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: Re: vnet NAT'd jails extremely slow, connection dies From: Michael Grimm In-Reply-To: Date: Tue, 5 Feb 2019 18:47:23 +0100 Cc: freebsd-jail@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <2B6B82BC-1105-4D3B-AD6C-E74109A76113@ellael.org> References: To: Farhan Khan X-Mailer: Apple Mail (2.3445.102.3) X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,RDNS_NONE,TW_VT autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.kaan-bock.lan X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Feb 2019 17:47:43 -0000 Farhan Khan wrote: > On Mon, Feb 4, 2019 at 2:29 PM Farhan Khan wrote: >> I have a jail NAT'd to a base system, but the connection is extremely >> slow and frequently disconnects drops, whereas the base is fine has >> perfectly fine connectivity. >>=20 >> My configuration is as follows: >> vtnet0: Has routeable IPv4 address and 172.16.0.1/16 >> Jail uses epair4b, base has epair4a. Jail's IP is 172.16.0.5/16. >> The base and jail can ping each other. >> bridge0: contains vtnet0 and epair4a. >>=20 >> I have gateway_enable=3D"YES" >> My pf.conf is as follows: >> nat pass from 172.16.0.0/16 to any -> (vtnet0) >>=20 >> When I try to run clamav, the connectivity stalls after a few minutes >> and eventually disconnects. I ran tcpdump on the bridge and saw a lot >> of HTTP seq and ack packets but no actual data. I am not using IPv6 >> yet. >=20 > Just to provide more context to my previous email, outside of the jail > I can download the FreeBSD ISO installer image at 3 MBps. Within the > jail it drops to 12KBps. This sounds familiar to me ;-) Please have a look at = https://lists.freebsd.org/pipermail/freebsd-net/2017-December/049470.html Solution in = https://lists.freebsd.org/pipermail/freebsd-net/2017-December/049484.html I ended up with the following additions to /boot/loader.conf (and a = subsequent reboot): # needs to become turned off (LRO) in order to restore tcp = performance within VNET jails: hw.vtnet.lro_disable=3D"1" =20 hw.vtnet.tso_disable=3D"1" HTH, Michael