Date: Fri, 23 Jan 2004 10:51:33 -0500 (EST) From: Robert Watson <rwatson@freebsd.org> To: Karl Pielorz <kpielorz@tdx.co.uk> Cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD tunnels / performance et'al (gif/tun etc.) Message-ID: <Pine.NEB.3.96L.1040123105004.95365I-100000@fledge.watson.org> In-Reply-To: <12844453.1074872903@raptor>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 23 Jan 2004, Karl Pielorz wrote: > > On Tue, 20 Jan 2004, Karl Pielorz wrote: > > > >> I've just setup a FreeBSD tunnel (we've tried both gif and tun [via > >> nos-tun]) now between two fairly large networks of machines... > > > > What version of FreeBSD are you using? If using FreeBSD 5.x, you may well > > want to switch to 4.x for at least one more minor version, as interrupt > > latency hasn't been optimized in 5.x yet since the move to interrupt > > threads, and the network stack also runs with Giant in 5.2 out of the > > box. I wouldn't think this would hurt you as much as seen below, but > > it's worth keeping in mind. > > > > Also, I would generally expect gif, gre, et al, to be faster than > > tun-based tunneling, as they avoid the trip through userspace, which > > involves a number of packet copies. > > We're already using 4.9. I also take your point about gif being quicker > than switching to user space and back (And, in testing - tun was indeed > even slower than gif). > > In the end we fixed this problem by putting stupidly fast machines at > each end (i.e. P4 2.6Ghz) - we also made some tweaks to the tcp sysctls > (such as disabling delayed acks, and closing the window size down) - > which also seemed to help. > > I'm just wondering if it was something 'weird' such as the delay over > the tunnel being on average 'just the right delay time' to cause > problems that you wouldn't get on a LAN or something? :) I agree that something sounds weird -- I've had no problem tunneling hundreds of megabits using similar hardware to what you're using, and what sounds like a similar configuration. So it seems like someting is going on. Do you have any load information available on the systems -- i.e., interrupt rate as measured by vmstat, cpu usage, etc? Are you using natd or other address space translation? Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Senior Research Scientist, McAfee Research
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1040123105004.95365I-100000>