Date: Thu, 21 Dec 2017 22:59:37 +0100 From: Michael Grimm <trashcan@ellael.org> To: Eugene Grosbein <eugen@grosbein.net> Cc: Kristof Provost <kristof@sigsegv.be>, freebsd-net@freebsd.org, freebsd-jail@FreeBSD.org Subject: Re: performance issue within VNET jail Message-ID: <5DAD8B80-FE3C-49D2-A645-EE144474D5FE@ellael.org> In-Reply-To: <5A3C2C42.6060904@grosbein.net> References: <4F5EE3F6-0163-4435-8726-56B0D4AE9FAF@ellael.org> <B6446660-9FD2-4C28-A3A2-8AC99624C7FF@sigsegv.be> <8102F5FD-DCFC-4EF8-A443-9E6C9EB1F467@ellael.org> <DB5DE737-7171-4953-AF98-45F1BE7AF09E@sigsegv.be> <BE008733-5AD8-4DAC-A6A5-BC3FCEC16202@ellael.org> <5A3C2C42.6060904@grosbein.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 21. Dec 2017, at 22:48, Eugene Grosbein <eugen@grosbein.net> wrote: >=20 > 22.12.2017 4:42, Michael Grimm wrote: >=20 >> Well I prepared on of my webservers running at hostB/jailX to serve a = sample file for local downloading tests: >>=20 >> 1) hostA wget from hostB/jailX sample file: about 30 MB/s >> 2) hostA/jailY wget from hostB/jailX sample file: about 30 = MB/s >> 3) hostB wget from hostB/jailX sample file: about 190 MB/s >> 4) hostB/jailY wget from hostB/jailX sample file: about 190 = MB/s >>=20 >> Hmm. At least tests 3) and 4) omit the pf firewall. Tests 1) qnd 2) = include passing two firewalls, one at each host. BUT: Both hosts are = connected via an IPSec tunnel, and that's esp not tcp. >>=20 >> Can anyone draw conclusions from this test?=20 >> I cannot ;-) >=20 > Make sure and double check that your ESP packets do not get = fragmented. Hmm, I do not know how to achieve that. May the following tcpdump = excerpts answer your question, or do you want me to look somewhere else? At hostA while downloading from hostB/jailX and "tcpdump -i extIF esp = -vv" 22:52:42.341023 IP (tos 0x0, ttl 64, id 40481, offset 0, flags [none], = proto ESP (50), length 140) hostA > hostB: ESP(spi=3D0x01d9ec34,seq=3D0x5fe699), length 120 22:52:42.341079 IP (tos 0x0, ttl 53, id 64310, offset 1480, flags = [none], proto ESP (50), length 100) hostB > hostA: ip-proto-50 22:52:42.341151 IP (tos 0x0, ttl 64, id 40483, offset 0, flags [none], = proto ESP (50), length 140) hostA > hostB: ESP(spi=3D0x01d9ec34,seq=3D0x5fe69a), length 120 22:52:42.341169 IP (tos 0x0, ttl 53, id 64312, offset 1480, flags = [none], proto ESP (50), length 100) hostB > hostA: ip-proto-50 22:52:42.341238 IP (tos 0x0, ttl 53, id 64314, offset 1480, flags = [none], proto ESP (50), length 100) hostB > hostA: ip-proto-50 At hostB the same dump looks like: 22:52:42.463511 IP (tos 0x0, ttl 53, id 41153, offset 0, flags [none], = proto ESP (50), length 124) hostA > hostB: ESP(spi=3D0x01d9ec34,seq=3D0x5feaa8), length 104 22:52:42.463518 IP (tos 0x0, ttl 53, id 41155, offset 0, flags [none], = proto ESP (50), length 124) hostA > hostB: ESP(spi=3D0x01d9ec34,seq=3D0x5feaa9), length 104 22:52:42.463593 IP (tos 0x0, ttl 53, id 41157, offset 0, flags [none], = proto ESP (50), length 124) hostA > hostB: ESP(spi=3D0x01d9ec34,seq=3D0x5feaaa), length 104 22:52:42.463601 IP (tos 0x0, ttl 53, id 41159, offset 0, flags [none], = proto ESP (50), length 124) hostA > hostB: ESP(spi=3D0x01d9ec34,seq=3D0x5feaab), length 104 22:52:42.463673 IP (tos 0x0, ttl 53, id 41161, offset 0, flags [none], = proto ESP (50), length 124) hostA > hostB: ESP(spi=3D0x01d9ec34,seq=3D0x5feaac), length 104 Thanks and regards, Michael >=20 >=20 > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5DAD8B80-FE3C-49D2-A645-EE144474D5FE>