From owner-freebsd-net@freebsd.org Fri Feb 22 18:48:41 2019 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 57D3C14F6984; Fri, 22 Feb 2019 18:48:41 +0000 (UTC) (envelope-from hausen@punkt.de) Received: from kagate.punkt.de (kagate.punkt.de [217.29.33.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D597281E1B; Fri, 22 Feb 2019 18:48:40 +0000 (UTC) (envelope-from hausen@punkt.de) Received: from hugo10.ka.punkt.de (hugo10.ka.punkt.de [217.29.44.10]) by gate2.intern.punkt.de with ESMTP id x1MImcGc082412; Fri, 22 Feb 2019 19:48:38 +0100 (CET) Received: from [217.29.46.121] ([217.29.46.121]) by hugo10.ka.punkt.de (8.14.2/8.14.2) with ESMTP id x1MImcVN006457; Fri, 22 Feb 2019 19:48:38 +0100 (CET) (envelope-from hausen@punkt.de) From: "Patrick M. Hausen" Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Subject: Re: Performance issues with VNET/bridge/VLAN Date: Fri, 22 Feb 2019 19:48:37 +0100 References: <9B0EC546-38E6-424E-9CC9-93F4C58B296F@punkt.de> <355c746ae7ec884407299e2649283cfc@ellael.org> To: FreeBSD Net , freebsd-jail@freebsd.org In-Reply-To: <355c746ae7ec884407299e2649283cfc@ellael.org> Message-Id: <8ABA2B5F-6A94-4907-B623-6B7E9BC83CB3@punkt.de> X-Mailer: Apple Mail (2.3445.9.1) X-Rspamd-Queue-Id: D597281E1B X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.95 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.95)[-0.951,0]; REPLY(-4.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Feb 2019 18:48:41 -0000 Hi! > Am 22.02.2019 um 18:03 schrieb Michael Grimm : >=20 > Am 2019-02-22 11:31, schrieb Patrick M. Hausen: >=20 > [x-posted to freebsd-jail@freebsd.org] >=20 >> The machine is an iocage jail host, all jails with VNET. >> The problem is: network performance in the jails (not on the host!) = is abysmal >> with the second setup. Not consistently so, everything *seems* to = work >> but e.g. a customer complained that checking out a project from = github >> happend at 15k/s =E2=80=A6 that=E2=80=99s when we started to = investigate. >=20 > [...] >=20 >> *Any* idea what might be going on here? We use VNET all the same on = all the >> hosts and it is still labelled =E2=80=9Eexperimental", yes. But all = the parts that >> make up the different setups - bridge(4), vlan(4) - have been in = FreeBSD >> for ages. I=E2=80=99m just combining features orthogonally like every = good sysadmin ;-) >> If someone is willing to do some investigation, I think I can provide = a test >> system and remote access =E2=80=A6 >=20 > This sounds familiar to me, please have a look at the following two = threads: >=20 > = https://lists.freebsd.org/pipermail/freebsd-jail/2019-February/003684.html= > = https://lists.freebsd.org/pipermail/freebsd-net/2017-December/049470.html >=20 > If your hosts run on cloud infrastructure odds are that the mentioned = settings will work in your case. Bare metal. We *provide* cloud infrastructure by the means of jails and = VNET. See this URL for the shameless marketing plug [tm] ;-) Or my talk at = EuroBSDCon 2017 in Paris. https://infrastructure.punkt.de/de/produkte/proserver.html And no PF, no NAT, no IPFW - just the setup I showed in my first mail and of course epair(4) interfaces added to the bridge by iocage =E2=80=A6 We happened to have a handful of servers without enough free uplink = ports in the respective racks and thought we could get away cheaply using = trunks and VLANs. But I=E2=80=99ll fiddle with LRO nonetheless and report if that changes = anything. Thanks Patrick --=20 punkt.de GmbH Internet - Dienstleistungen - Beratung Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100 76133 Karlsruhe info@punkt.de http://punkt.de AG Mannheim 108285 Gf: Juergen Egeling