FreeBSD Mail Archives

Date:      Mon, 19 Feb 2018 09:58:30 +0000
From:      Laurence Pawling <laurence.pawling@globalsign.com>
To:        "freebsd-xen@freebsd.org" <freebsd-xen@freebsd.org>, "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Cc:        David King <david.king@globalsign.com>, Vlad Galu <vlad.galu@globalsign.com>
Subject:   multi-vCPU networking issues as client OS under Xen
Message-ID:  <D1AF75E7-49F9-4628-8B26-3ACB64994C97@globalsign.com>

next in thread | raw e-mail | index | archive | help


[-- Attachment #1 --]
Hi all,

 

I’m wondering if anyone here has seen this issue before, I’ve spent the last couple of days troubleshooting:

 

Platform:

Host: XenServer 7.0 running on 2 x E2660-v4, 256GB RAM

Server VM: FreeBSD 11 (tested on 11.0-p15 and 11.1-p6), 2GB RAM (also tested with 32GB RAM), 1x50GB HDD, 1 x NIC, 2 or more vCPUs in any combination (2 sockets x 1 core, 1 socket x 2 cores, …)

Client VM: FreeBSD 11, any configuration of vCPUs, RAM and HDD.

 

Behaviour:

Sporadic interruption of TCP sessions when utilising the above machine as a “server” with “clients” connecting. Looking into the communication with pcap/Wireshark, you see a TCP Dup Ack sent from both ends, followed by the client sending an RST packet, terminating the TCP session. We have also seen evidence of the client sending a Keepalive packet, which is ACK’d by the server before the RST is sent from the client end.

 

To recreate:

On the above VM, perform a vanilla install of nginx:

pkg install nginx

service nginx onestart

Then on a client VM (currently only tested with FreeBSD), run the following (or similar):

for i in {1..10000}; do if [ $(curl -s -o /dev/null -w "%{http_code}" http://10.2.122.71) != 200 ] ; then echo "error"; fi; done

When vCPUs=1 on the server, I get no errors, when vCPUs>1 I get errors reported. The frequency of errors *seems* to be proportional to the number of vCPUs, but they are sporadic with no clear periodicity or pattern, so that is just anecdotal. Also, the problem seems by far the most prevalent when communicating between two VMs on the same host, in the same VLAN. Xen still sends packets via the switch rather than bridging internally between the interfaces.

Note that we have not had a chance to investigate the effect of different numbers of CPUs on the *client* end, however it does seem to be governed entirely by the server end.

 

We cannot recreate this issue using the same FreeBSD image and same configuration, but using KVM as a hypervisor.

 

Has anyone met this before?

 

Thanks,

 

Laurence


[-- Attachment #2 --]
0��	*�H��
���0��10
	`�He0	*�H��
��
�0�b0�J�I}��Ip����0
	*�H��
0]10	UBE10U
GlobalSign nv-sa1301U*GlobalSign PersonalSign 2 CA - SHA256 - G30
160826143608Z
190827143608Z0��10	UGB1
0UKent10U	Maidstone10U
GMO GlobalSign Limited10ULaurence Pawling1.0,	*�H��
	laurence.pawling@globalsign.com0�"0
	*�H��
�0�
��\�'�j9I����7�[�N���%��v����R�+�y�y�������7iw�Y����
�N���K��gcf`��`q*d��,e��z�F�X����y����]MZ⏂�|�MZn9B����zMec�i2�y���@�����%��$�`>]#���թ�#qr �}=�ګ�9ދĭyj!�e^6�9�oB��e�ҸS������,Q���>K[
���a� ͅ�l�&���ƚ��
ؖp&����0��0U��0��+��0��0M+0�Ahttp://secure.globalsign.com/cacert/gspersonalsign2sha2g3ocsp.crt0=+0�1http://ocsp2.globalsign.com/gspersonalsign2sha2g30MU F0D0B
+�2(
0402+&https://www.globalsign.com/repository/0	U00DU=0;09�7�5�3http://crl.globalsign.com/gspersonalsign2sha2g3.crl0*U#0!�laurence.pawling@globalsign.com0U%0++0U�"�7��_��<�Qe�f�p�0U#0�ir�b1g�D�w���6I�{a0
	*�H��
�# �e��=�ᩪ��5�q�¥Ud�E�v�T,'
 �J�_�-i(��F7'IUN;ֻ�L��T�����������2��N�O��V��)�B�i+�H�(�f��?�׀���Y��LyK=F\�S_g\/de��{���I&�g�N���Vt7�ٕq�~3%�Tbs���xX68(�Fi0�*ݺ8���	x�I��Q��w[��(Ŵ;��>��Z�ΘO����H�T���`���i�l����q��˞5��0��0�РHj	��$�]"��0
	*�H��
0L1 0UGlobalSign Root CA - R310U

GlobalSign10U
GlobalSign0
160615000000Z
240615000000Z0]10	UBE10U
GlobalSign nv-sa1301U*GlobalSign PersonalSign 2 CA - SHA256 - G30�"0
	*�H��
�0�
���h�e�,�b�
T��ˤC�������mo�����{�����p�lI�ip�85~H]9kD�j��t�]��>cqD�>�ɧ��n&A)��I���v����y�K(�J{�Q�eP���J��F��Oܲ�=Ϙ!	�L��z�?7&eG�f�I&��@�f=l�:�)F����뙧���_Pm�o��8/N��G��ؤ�A`��7Z��;���h.��H6��i���G���Q���,��I���SS��r�|�q>��g����0��0U�0jU%c0a+++	
+�7
+�7
	+�7
+�7
++0U�0�0Uir�b1g�D�w���6I�{a0U#0���K�.E$�MP�c������0>+2000.+0�"http://ocsp2.globalsign.com/rootr306U/0-0+�)�'�%http://crl.globalsign.com/root-r3.crl0gU `0^0	+�2(0
+�2(
0A	+�2_0402+&https://www.globalsign.com/repository/0
	*�H��
����2�|g�Pץ\p�f�%�괶S0n�7\3��(V㓽E��X�qL�䂉����G��T�>濾���y�("�z��*�I���'�l�UJ��hPtX�EO��^0�U&4������aR�P�r�r�gn�`���D;G�u����G��!1��A"�V�����Qd"�܁~~���|[�몟��V{뤸,,���$Y�D>�^�g_|lR�1+ڽ��ն��"T�@�9��u�0�_0�G�!XS�0
	*�H��
0L1 0UGlobalSign Root CA - R310U

GlobalSign10U
GlobalSign0
090318100000Z
290318100000Z0L1 0UGlobalSign Root CA - R310U

GlobalSign10U
GlobalSign0�"0
	*�H��
�0�
��%v�yx"������(��vŭ�r�FCǲ��_$�.K�`�F�R��Gpl�d���,��=+��׶�y�;�w��I�jb/^��h߉'�8��>��&Y
sް��&���[��`�I�(�i;���(�坊aW7�t�t�:�r/.��л��=�3�+�S�:s��A :�����O�.2`�W˹�hh�8&`u��w��� I��@H�1a^���w�d�z�_��b�
l�Ti��n郓qv�i���B0@0U�0U�0�0U��K�.E$�MP�c������0
	*�H��
�K@��P������TEI��	A����(3�k�t��-��
������sgJ��D{x�nlo)�39EÎ�Wl����S�-�$l��c��ShgV>���5!��h����S�̐���]F���zX(/��7A��Dm�S(�~�g׊����L'�Lssv���z�-�
,�<�U�~6��WI��.-|`��AQ#���2k����,3:;%҆@�;,�x�a/���Uo߄�	M�(�r��bPe뒗�1ٳ��GX?_1�0��0m0]10	UBE10U
GlobalSign nv-sa1301U*GlobalSign PersonalSign 2 CA - SHA256 - G3I}��Ip����0
	`�He�i0/	*�H��
	1" u��~ז �7G9�F 8՝����j��ٕڇG�0	*�H��
	1	*�H��
0	*�H��
	1
180219095827Z0
	*�H��
��	����q�ӝMHdn����/;Oι`�ː$'���Ax�!��̭�S��H	h�zcQ������ޟ��`����|Xۧ5��v����<aC���1%�"6b;�%T�N���(}=��k"�6^��FWo�<I��(�'W��`p�o���/��.�8�(g��9�VOZx�[�����B�J�b�Սr�`O���5���/͓5pm����3�N���J�C=ڬ�|ä]�{��}v7HY^U|XY�F�%Hr�h

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D1AF75E7-49F9-4628-8B26-3ACB64994C97>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation