From owner-freebsd-net@FreeBSD.ORG Tue Feb 16 18:46:46 2010 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A3C1D106568B for ; Tue, 16 Feb 2010 18:46:46 +0000 (UTC) (envelope-from julian@elischer.org) Received: from out-0.mx.aerioconnect.net (out-0-3.mx.aerioconnect.net [216.240.47.63]) by mx1.freebsd.org (Postfix) with ESMTP id 840CE8FC22 for ; Tue, 16 Feb 2010 18:46:46 +0000 (UTC) Received: from idiom.com (postfix@mx0.idiom.com [216.240.32.160]) by out-0.mx.aerioconnect.net (8.13.8/8.13.8) with ESMTP id o1GIkjYS017278; Tue, 16 Feb 2010 10:46:45 -0800 X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (h-67-100-89-137.snfccasy.static.covad.net [67.100.89.137]) by idiom.com (Postfix) with ESMTP id AC2CB2D6013; Tue, 16 Feb 2010 10:46:44 -0800 (PST) Message-ID: <4B7AE844.3090007@elischer.org> Date: Tue, 16 Feb 2010 10:47:32 -0800 From: Julian Elischer User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: pyunyh@gmail.com References: <20100215211141.GK96648@obspm.fr> <20100216182306.GC1394@michelle.cdnetworks.com> In-Reply-To: <20100216182306.GC1394@michelle.cdnetworks.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.67 on 216.240.47.51 Cc: Albert Shih , freebsd-pf@freebsd.org, freebsd-net@freebsd.org Subject: Re: Possible bug in TSO or in pf on bce X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Feb 2010 18:46:46 -0000 Pyun YongHyeon wrote: > On Mon, Feb 15, 2010 at 10:11:41PM +0100, Albert Shih wrote: >> Hi all, >> >> I'm not a tcp/ip guru, so I don't known if it's a bug or not. >> >> The situation is little complexe, so I'm going to explain that. >> >> I've one server with tree interfaces two bce and one bge. All test is on >> two bce. >> >> This server running FreeBSD-7.2-p6 and have lot of jail (but the problem is >> the same for one jail, so I assume I've just one jail). The bce0 and bce1 >> are in different vlan. >> >> The jail is on bce1 (meaning the jail IP is on the bce1 subnet). >> >> The default gateway is on bce0 >> >> So to make all traffic of the jail pass only throught bce1 and not using >> bce0 I'm using pf with something like >> >> pass out route-to (bce1 bce1_subnet_gw) from jail_IP to ! bce1_subnet keep state >> pass in on bce1 reply-to (bce1 bce1_subnet_gw) from ! bce1_subnet to jail_IP keep state >> >> if I do that all traffic pass through the right interface (bce1), but...the >> bandwith drop to ~60kb/s (on gigabit interface). >> >> So I find the problem is with TSO, if I deactivated the TSO the bandwith is >> return to normal. >> >> I don't knwon if it's a bug in PF (the problem is same if I use scrub or >> not) or in the TSO support of bce. >> > > At first I thought you hit one of edge case of TSO on bce(4). But > it seems the issue comes from pf's route handling. When I ported pf > from OpenBSD, there was no TSO capability in FreeBSD at that time > so the pf_route() had no special handling code for TSO. Since it > was long time ago I'm not sure whether it's correct or not but try > attached patch. > > Apart from TSO FreeBSD got several new features like fib, > flow-table and vnet. We may need to check whether these new > features are still working with pf(4). yes, in 8.0 you have options ot do what you want to do in several ways. From a quick look, both multi-FIBs and vnet may be directly applicable to you. As for pf, it works with multi fibs but the patch for vnet depends upon teh installation of a newer revision of pf and that may not be possible in 8.x. (ceri may be able so shed more light on that, I'm assuming he's seeing this.) > > > ------------------------------------------------------------------------ > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"