From: Michael Grimm
To: Eugene Grosbein
Cc: Kristof Provost, freebsd-net@freebsd.org, freebsd-jail@FreeBSD.org
Subject: Re: performance issue within VNET jail
Date: Thu, 21 Dec 2017 22:59:37 +0100

> On 21. Dec 2017, at 22:48, Eugene Grosbein wrote:
>
> 22.12.2017 4:42, Michael Grimm wrote:
>
>> Well I prepared one of my webservers running at hostB/jailX to serve a sample file for local downloading tests:
>>
>> 1) hostA wget from hostB/jailX sample file: about 30 MB/s
>> 2) hostA/jailY wget from hostB/jailX sample file: about 30 MB/s
>> 3) hostB wget from hostB/jailX sample file: about 190 MB/s
>> 4) hostB/jailY wget from hostB/jailX sample file: about 190 MB/s
>>
>> Hmm. At least tests 3) and 4) omit the pf firewall. Tests 1) and 2) include passing two firewalls, one at each host. BUT: Both hosts are connected via an IPSec tunnel, and that's esp not tcp.
>>
>> Can anyone draw conclusions from this test?
>> I cannot ;-)
>
> Make sure and double check that your ESP packets do not get fragmented.

Hmm, I do not know how to achieve that. May the following tcpdump excerpts answer your question, or do you want me to look somewhere else?

At hostA while downloading from hostB/jailX and "tcpdump -i extIF esp -vv"

22:52:42.341023 IP (tos 0x0, ttl 64, id 40481, offset 0, flags [none], proto ESP (50), length 140)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5fe699), length 120
22:52:42.341079 IP (tos 0x0, ttl 53, id 64310, offset 1480, flags [none], proto ESP (50), length 100)
    hostB > hostA: ip-proto-50
22:52:42.341151 IP (tos 0x0, ttl 64, id 40483, offset 0, flags [none], proto ESP (50), length 140)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5fe69a), length 120
22:52:42.341169 IP (tos 0x0, ttl 53, id 64312, offset 1480, flags [none], proto ESP (50), length 100)
    hostB > hostA: ip-proto-50
22:52:42.341238 IP (tos 0x0, ttl 53, id 64314, offset 1480, flags [none], proto ESP (50), length 100)
    hostB > hostA: ip-proto-50

At hostB the same dump looks like:

22:52:42.463511 IP (tos 0x0, ttl 53, id 41153, offset 0, flags [none], proto ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaa8), length 104
22:52:42.463518 IP (tos 0x0, ttl 53, id 41155, offset 0, flags [none], proto ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaa9), length 104
22:52:42.463593 IP (tos 0x0, ttl 53, id 41157, offset 0, flags [none], proto ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaaa), length 104
22:52:42.463601 IP (tos 0x0, ttl 53, id 41159, offset 0, flags [none], proto ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaab), length 104
22:52:42.463673 IP (tos 0x0, ttl 53, id 41161, offset 0, flags [none], proto ESP (50), length 124)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5feaac), length 104

Thanks and regards,
Michael
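
Added example, not part of the original message: one way to check `tcpdump -v` output for fragmented ESP, run here over the hostA excerpt from the message. A non-zero `offset` or a `+` (more fragments) flag marks an IP fragment; the function name and report layout are this example's own, and IPv4 output is assumed.

```python
import re
from collections import defaultdict

# Sample input: the hostA excerpt from the message, laid out as tcpdump -vv prints it.
SAMPLE = """\
22:52:42.341023 IP (tos 0x0, ttl 64, id 40481, offset 0, flags [none], proto ESP (50), length 140)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5fe699), length 120
22:52:42.341079 IP (tos 0x0, ttl 53, id 64310, offset 1480, flags [none], proto ESP (50), length 100)
    hostB > hostA: ip-proto-50
22:52:42.341151 IP (tos 0x0, ttl 64, id 40483, offset 0, flags [none], proto ESP (50), length 140)
    hostA > hostB: ESP(spi=0x01d9ec34,seq=0x5fe69a), length 120
22:52:42.341169 IP (tos 0x0, ttl 53, id 64312, offset 1480, flags [none], proto ESP (50), length 100)
    hostB > hostA: ip-proto-50
22:52:42.341238 IP (tos 0x0, ttl 53, id 64314, offset 1480, flags [none], proto ESP (50), length 100)
    hostB > hostA: ip-proto-50
"""

# One IPv4 record: the parenthesised header, then "src > dst:" on the
# continuation line (\s+ spans the newline, or a space if the log was flattened).
RECORD = re.compile(
    r"id (?P<id>\d+), offset (?P<offset>\d+), flags \[(?P<flags>[^\]]*)\], "
    r"proto \S+ \((?P<num>\d+)\), length \d+\)\s+"
    r"(?P<src>\S+) > (?P<dst>[^\s:]+):"
)

def esp_fragment_report(text):
    """Count ESP packets and IP fragments per direction (src, dst)."""
    report = defaultdict(lambda: {"packets": 0, "fragments": 0, "ids": set()})
    for m in RECORD.finditer(text):
        if int(m["num"]) != 50:              # IP protocol 50 is ESP
            continue
        entry = report[(m["src"], m["dst"])]
        entry["packets"] += 1
        # Fragment: non-zero byte offset, or the more-fragments flag "+".
        if int(m["offset"]) > 0 or "+" in m["flags"]:
            entry["fragments"] += 1
            entry["ids"].add(int(m["id"]))   # IP id shared by all fragments of one packet
    return dict(report)

if __name__ == "__main__":
    for (src, dst), e in sorted(esp_fragment_report(SAMPLE).items()):
        print(f"{src} > {dst}: {e['fragments']}/{e['packets']} fragments, ids {sorted(e['ids'])}")
```

On this excerpt the three hostB > hostA records, all at offset 1480, are counted as fragments, and none are counted in the hostA > hostB direction.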