From owner-freebsd-net@FreeBSD.ORG Tue Sep 9 21:43:01 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CAF14987 for ; Tue, 9 Sep 2014 21:43:01 +0000 (UTC) Received: from smtpout100.ehv.onlinespamfilter.nl (smtpout100.ehv.onlinespamfilter.nl [IPv6:2001:4cb8:1:1620:217:21:240:168]) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 764C2CE0 for ; Tue, 9 Sep 2014 21:43:01 +0000 (UTC) Received: from smtp.onlinespamfilter.nl (localhost [127.0.0.1]) by smtp.onlinespamfilter.nl (Postfix) with ESMTP id 3ht0Fz49hLzQx for ; Tue, 9 Sep 2014 23:42:47 +0200 (CEST) Received: from smtp.debank.tv (145-158-ftth.on.nl [88.159.158.145]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.onlinespamfilter.nl (Postfix) with ESMTPS for ; Tue, 9 Sep 2014 23:42:47 +0200 (CEST) Received: from smtp.debank.tv (smtp.debank.tv [172.16.143.25]) by smtp.debank.tv (Postfix) with ESMTP id 255242A2E16 for ; Tue, 9 Sep 2014 23:42:47 +0200 (CEST) Received: from roundcube.debank.tv (roundcube.debank.tv [IPv6:2001:1af8:fe30::41]) by smtp.debank.tv (Postfix) with ESMTP id C45922A2E13 for ; Tue, 9 Sep 2014 23:42:46 +0200 (CEST) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Wed, 10 Sep 2014 09:42:46 +1200 From: mailinglists@debank.tv To: freebsd-net@freebsd.org Subject: Performance problem with slow link behind fast gateway Message-ID: X-Sender: mailinglists@debank.tv User-Agent: Roundcube Webmail/1.0.2 X-Virus-Scanned: ClamAV using ClamSMTP @ debank.tv X-OSF-Virus: CLEAN X-OSF-Outgoing: Innocent X-OSF-Account: 1327 X-OSF-SUM: 63c0bbcd45dcebce75c580685ecd5b7b X-OSF-Info: Checked for spam and viruses X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Sep 2014 21:43:01 -0000 All, I'm seeing some performance problems with a slowish VPN connection behind a fast gateway, the setup looks like this: |----------------------------------| |-----------------------------| |client (zandbak) (DSL connection)| ---- 'VPN tunnel' ----- |Gateway (vps) using NAT on 1G|------ 'Internet' |----------------------------------| |-----------------------------| Transfers from the gateway to the client are reasonably fast (easily within usable range for me): root@zandbak:/usr/home/rob # scp rob@gateway:test_file ./ test_file 100% 10MB 445.2KB/s 00:23 Transfers from the internet to the gateway are fast: root@vps:/usr/home/rob # fetch -4 "http://149.20.53.23/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/10.0/FreeBSD-10.0-RELEASE-amd64-bootonly.iso" FreeBSD-10.0-RELEASE-amd64-bootonly.iso 100% of 209 MB 10 MBps 00m20s But transfers from the client to the internet through the tunnel are showing a very degraded connection speed, the speed jumps up and down but averages at around 20kBps: root@zandbak:/usr/home/rob # fetch "http://149.20.53.23/pub/FreeBSD/ISO-IMAGES-amd64/10.0/FreeBSD-10.0-RELEASE-amd64-bootonly.iso" FreeBSD-10.0-RELEASE-amd64-bootonly.iso 0% of 209 MB 8275 Bps 07h27m I've tried to eliminate some variables: -VPN: tinc as a L2 VPN and openVPN as a L3 VPN, results are the same -NAT: pf and ipfw, results are the same I suspect that there's a problem with the fast link receiving too much data and once the buffers are full dropping packets although I'm not sure if this is actually the problem. My question is: how can I debug this issue? Below some system information, I can supply more info if needed Thanks! Rob Evers System info: Gateway: This is a VPS on KVM root@vps:/usr/home/rob # uname -a FreeBSD vps.debank.tv 10.0-STABLE FreeBSD 10.0-STABLE #5 r268727M: Wed Jul 16 13:17:24 NZST 2014 root@vps.debank.tv:/usr/obj/usr/src/sys/GENERIC amd64 root@vps:/usr/home/rob # ifconfig vtnet0 vtnet0: flags=8843 metric 0 mtu 1500 options=6c00ab ether 00:16:3c:55:17:b9 inet 192.227.xxx.xxx netmask 0xffffff00 broadcast 192.227.xxx.xxx inet6 fe80::216:3cff:fe55:17b9%vtnet0 prefixlen 64 scopeid 0x1 nd6 options=21 media: Ethernet 10Gbase-T status: active root@vps:/usr/home/rob # ifconfig tap0 tap0: flags=8843 metric 0 mtu 1500 options=80000 ether 00:bd:61:01:00:00 inet6 fd7c:3e16:580b:4ccf::50 prefixlen 64 inet6 fe80::2bd:61ff:fe01:0%tap0 prefixlen 64 scopeid 0x4 inet 172.16.143.50 netmask 0xffffff00 broadcast 172.16.143.255 nd6 options=61 media: Ethernet autoselect status: active Opened by PID 61485 Client: This is a VM on bhyve root@zandbak:/usr/home/rob # uname -a FreeBSD zandbak 10.0-RELEASE-p7 FreeBSD 10.0-RELEASE-p7 #0: Tue Jul 8 06:37:44 UTC 2014 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 root@zandbak:/usr/home/rob # ifconfig vtnet0 vtnet0: flags=8943 metric 0 mtu 1500 options=80028 ether 52:54:00:13:fd:78 inet 192.168.1.129 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::5054:ff:fe13:fd78%vtnet0 prefixlen 64 scopeid 0x1 nd6 options=29 media: Ethernet 10Gbase-T status: active root@zandbak:/usr/home/rob # ifconfig tap0 tap0: flags=8843 metric 0 mtu 1500 options=80000 ether 00:bd:3d:94:05:00 inet 172.16.143.55 netmask 0xffffff00 broadcast 172.16.143.255 nd6 options=29 media: Ethernet autoselect status: active Opened by PID 1411