From owner-freebsd-net@FreeBSD.ORG Fri Mar 28 18:30:25 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8D579106566B for ; Fri, 28 Mar 2008 18:30:25 +0000 (UTC) (envelope-from eagletree@hughes.net) Received: from n126.sc0.he.tucows.com (smtpout1100.sc0.he.tucows.com [64.97.144.100]) by mx1.freebsd.org (Postfix) with ESMTP id 6342C8FC1E for ; Fri, 28 Mar 2008 18:30:25 +0000 (UTC) (envelope-from eagletree@hughes.net) Received: from sc0-out02.emaildefenseservice.com (64.97.131.2) by n126.sc0.he.tucows.com (7.2.069.1) id 47AEF770006E1D4E for freebsd-net@freebsd.org; Fri, 28 Mar 2008 18:30:24 +0000 X-SpamScore: 2 X-Spamcatcher-Summary: 2, 0, 0, e3bcfac6d81a7b40, e4301484d0a2b177, eagletree@hughes.net, -, RULES_HIT:355:379:541:564:945:966:973:988:989:1260:1261:1277:1311:1313:1314:1345:1437:1515:1516:1518:1534:1542:1593:1594:1711:1730:1747:1766:1792:2196:2198:2199:2200:2393:2559:2562:2693:3354:3622:3636:3865:3866:3867:3868:3869:3870:3871:3872:3874:4250:4385:4774:5007:6117:6119:7652, 0, RBL:none, CacheIP:none, Bayesian:0.5, 0.5, 0.5, Netcheck:none, DomainCache:0, MSF:not bulk, SPF:, MSBL:none, DNSBL:none, TSO:0 X-Spamcatcher-Explanation: Received: from [192.168.0.3] (dpc6744118153.direcpc.com [67.44.118.153]) (Authenticated sender: eagletree@hughes.net) by sc0-out02.emaildefenseservice.com (Postfix) with ESMTP for ; Fri, 28 Mar 2008 18:30:18 +0000 (UTC) Mime-Version: 1.0 (Apple Message framework v753) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <921F19D4-0900-4975-B7D9-C0D6BCA1460D@hughes.net> Content-Transfer-Encoding: 7bit From: Chris Date: Fri, 28 Mar 2008 11:20:12 -0700 To: freebsd-net@freebsd.org X-Mailer: Apple Mail (2.753) Subject: if_bridge performance issue? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: snagit@cbpratt.prohosting.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Mar 2008 18:30:25 -0000 Hello, I was wondering if I'm seeing a normal issue with if_bridge and having an IP assigned to one of the interfaces within a bridge. I see a confusing performance problem when attempting to move data via sftp "to" the machine versus "through" the machine. The difference is quite pronounced. When I sftp through the bridge to another FreeBSD machine behind it (A very old and slow Compaq running FreeBSD 6.2), I get acceptable performance averaging 1.5MB Per Second. When I send to the IP on the interface of the bridge (coming in through the same em NIC), I get ~320KB Per Second. The bridge system uses modern SATA Drives so I'm pretty sure it's not disk speed slowing the bridge system. I've monitored IPFW to try and find a bottleneck in the rules for the local interface. It turns out it's just the opposite in that when passing through the system, many additional rules are traversed while the rules for the local interface immediately are passed on a dynamic rule. In fact the bridged traffic is passing through snort_inline via divert, the local interface traffic is not. I'm not sure I actually care that this performance difference is occurring since very little traffic will go to the bridge system, but it does make me wonder if I've done something odd to cause it. Is there any reason why the local interface on an if_bridge bridge computer would show worse performance for the same operations that pass through the bridge to other systems. The config is: Bridge System FreeBSD 7.0 Release, if_bridge and ipfw compiled into the Kernel Dual CPU Intel Supermicro with SATA drives Dual port em NICs (have tried multiples now) Test Server behind Bridge FreeBSD 6.2 Release, runs just apache and sshd 900mhz Athlon with IDE Drives Single port em NIC Test Client Dual Macintosh G5 tower running 10.4 OS-X Results SFTP to Bridge System File Size: 46 MB, Duration of transfer: ~2.25 Minutes, Reported Performance: 324KBPS SFTP to Test Server File Size: 46 MB, Duration of transfer: ~34 Seconds, Reported Performance: 1.4MBPS rc.conf relevant entries: ifconfig_em1="inet 192.168.0.221 netmask 255.255.255.0 media 100baseTX mediaopt full-duplex polling" ifconfig_em0="media 100baseTX mediaopt full-duplex polling" # em0 LAN, em1 T1 WAN cloned_interfaces="bridge0" ifconfig_bridge0="addm em0 up addm em1 up" (note, both tests are incoming through em1.)