From owner-freebsd-net@freebsd.org  Wed Aug 26 12:45:02 2015
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BB2AF99ADE4
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Wed, 26 Aug 2015 12:45:02 +0000 (UTC)
 (envelope-from Mark.Martinec+freebsd@ijs.si)
Received: from mail.ijs.si (mail.ijs.si [IPv6:2001:1470:ff80::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 72104E05
 for <freebsd-net@freebsd.org>; Wed, 26 Aug 2015 12:45:02 +0000 (UTC)
 (envelope-from Mark.Martinec+freebsd@ijs.si)
Received: from amavis-ori.ijs.si (localhost [IPv6:::1])
 by mail.ijs.si (Postfix) with ESMTP id 3n1RjR370Kz12R
 for <freebsd-net@freebsd.org>; Wed, 26 Aug 2015 14:44:59 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ijs.si; h=
 user-agent:message-id:references:in-reply-to:organization
 :subject:subject:from:from:date:date:content-transfer-encoding
 :content-type:content-type:mime-version:received:received
 :received:received; s=jakla4; t=1440593097; x=1443185098; bh=YMQ
 jkSnMWXNUL9S44NRswVeGgQ6FzyHHRqrybbRUYu4=; b=kuKtdDwAkHA+1DMSckY
 JHCB9q/eYNAUORPCNbkjmA9SsgKMRTvdjJnMG1Y4pCy57TqEkiicwlmFEabeJjyr
 RMTU38Md+G/0U8r4Ter33A10K/9Bp0eEb0x++b/9sDuYLrUTEYuieevq/dwQMEuX
 8r+mWsailLLGnGKq2bXjr77o=
X-Virus-Scanned: amavisd-new at ijs.si
Received: from mail.ijs.si ([IPv6:::1])
 by amavis-ori.ijs.si (mail.ijs.si [IPv6:::1]) (amavisd-new, port 10026)
 with LMTP id 43Ed80tozssV for <freebsd-net@freebsd.org>;
 Wed, 26 Aug 2015 14:44:57 +0200 (CEST)
Received: from mildred.ijs.si (mailbox.ijs.si [IPv6:2001:1470:ff80::143:1])
 by mail.ijs.si (Postfix) with ESMTP id 3n1RjP03BVz12C
 for <freebsd-net@freebsd.org>; Wed, 26 Aug 2015 14:44:57 +0200 (CEST)
Received: from nabiralnik.ijs.si (mailbox.ijs.si [IPv6:2001:1470:ff80::143:1])
 by mildred.ijs.si (Postfix) with ESMTP id 3n1RjN6HjGz87
 for <freebsd-net@freebsd.org>; Wed, 26 Aug 2015 14:44:56 +0200 (CEST)
Received: from neli.ijs.si ([2001:1470:ff80:88:21c:c0ff:feb1:8c91])
 by nabiralnik.ijs.si
 with HTTP (HTTP/1.1 POST); Wed, 26 Aug 2015 14:44:56 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Wed, 26 Aug 2015 14:44:56 +0200
From: Mark Martinec <Mark.Martinec+freebsd@ijs.si>
To: freebsd-net@freebsd.org
Subject: Re: ssh over WAN: TCP window too small
Organization: Jozef Stefan Institute
In-Reply-To: <20150826082457.GQ33167@funkthat.com>
References: <55DCF080.7080208@stankevitz.com>
 <20150826010323.GN33167@funkthat.com> <55DD2A98.2010605@stankevitz.com>
 <20150826082457.GQ33167@funkthat.com>
Message-ID: <4e28129672e933ab87f1a4cabc9575dc@mailbox.ijs.si>
X-Sender: Mark.Martinec+freebsd@ijs.si
User-Agent: Roundcube Webmail/1.1.2
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2015 12:45:02 -0000

Chris Stankevitz wrote:

> # cat /dev/urandom | ssh root@host 'cat > /dev/null'
> 
> I use the above ssh command over a high-BDP WAN link (80 ms @ 100 
> Mbps).
> tcpdump shows I am TCP window limited to 64 KBytes (yielding 5 Mbps).
> iperf with default options gets the window opened to 500 KBytes 
> (yielding 35 Mbps).
> 
> Both sides of the connection: FreeBSD 10.1 w/default sshd options
> (except I permit root login).  In particular, HPN is not disabled.
> 
> Can anyone explain my abysmally small TCP window?
> 
> Can anyone recommend some tools/tricks to figure out what in FreeBSD
> and/or base SSH is limiting the send/recv buffer and/or TCP window?

As an alternative to ssh for copying large files across high-BDP WAN 
links
consider sysutils/bbcp, optionally coupled with security/hpenc for 
encryption.

  Mark