From owner-freebsd-current@freebsd.org Fri May 19 15:04:19 2017 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AADD5D73591 for ; Fri, 19 May 2017 15:04:19 +0000 (UTC) (envelope-from allanjude@freebsd.org) Received: from mx1.scaleengine.net (mx1.scaleengine.net [209.51.186.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7E0EDD9F for ; Fri, 19 May 2017 15:04:19 +0000 (UTC) (envelope-from allanjude@freebsd.org) Received: from [10.1.1.2] (unknown [10.1.1.2]) (Authenticated sender: allanjude.freebsd@scaleengine.com) by mx1.scaleengine.net (Postfix) with ESMTPSA id D15D413EEE for ; Fri, 19 May 2017 15:04:11 +0000 (UTC) Subject: Re: Ssh.. can we please have HPN back? To: freebsd-current@freebsd.org References: <201705190401.v4J41fL5069451@pdx.rh.CN85.dnsmgr.net> From: Allan Jude Message-ID: Date: Fri, 19 May 2017 11:03:59 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <201705190401.v4J41fL5069451@pdx.rh.CN85.dnsmgr.net> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="df1CVOKdiclfIr689J2QeNvPwA5J8S11o" X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 May 2017 15:04:19 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --df1CVOKdiclfIr689J2QeNvPwA5J8S11o Content-Type: multipart/mixed; boundary="k4csHIEQXvUld1e9I0BWwml6MwlVd886k"; protected-headers="v1" From: Allan Jude To: freebsd-current@freebsd.org Message-ID: Subject: Re: Ssh.. can we please have HPN back? References: <201705190401.v4J41fL5069451@pdx.rh.CN85.dnsmgr.net> In-Reply-To: <201705190401.v4J41fL5069451@pdx.rh.CN85.dnsmgr.net> --k4csHIEQXvUld1e9I0BWwml6MwlVd886k Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2017-05-19 00:01, Rodney W. Grimes wrote: >> So after stripping out the HPN version of ssh from our product becasue= >> "it was no longer needed" we dicovered that we were premature in doing= so. >> Apparently ssh still really needs HPN to get any throughput at all whe= n >> there are latencies involved. >> >> >> For example, with HPN we get 13MB/sec between the Azure US west >> Data center and the Azure East data center.But the standard ssh in 10.= 3 >> (with HPN stripped out) can barely manage 2MB/sec transfers. >> >> I did ask at the time whether it was proved that the new ssh didn't=20 >> require the HPN changes, >> and was assured, "no" but it would appear that the picture isn't as cl= ear. >> tht seems silly to have to import the port when we have what would=20 >> otherwise be a >> perfectly good ssh as part of hte system, and it's really annoying=20 >> having to specify >> /usr/local/bin/scp or /usr/local/bin/ssh in every script. >> >> So can we please have the latest version of the HPN changes back in=20 >> the default system please? >> It seem rather odd that the upstream openssh has had this problem for = >> SO LONG and not fixed it. >=20 > Allan Jude has recently done a bunch of work on this though I do > not know its current status of being either upstreamed (I know > some of it well not be accepted from conversations with Allan) > or commited to the tree. >=20 I hope to have the most important part of the patch rebased on the latest upstream version of OpenSSH by the end of this weekend. The versions I built and benchmarked for AsiaBSDCon were based on the HPN patched openssh-portable from ports, but I think the change required to actually make ssh not suck will only be a few lines, and will be acceptable by upstream. The big issue is in the channel_check_window() The condition for growing the SSH window is if we have received 3 times the max packet size. For some reason this constant small growth of the SSH window never lets the TCP socket buffer grow. This behaviour was added in OpenSSH 4.7 (Jun 2007), and makes sense for interactive ssh sessions. More detail in my paper, see the 'Broken Windows' chapter: http://allanjude.com/bsd/AsiaBSDCon2017_-_SSH_Performance.pdf Anyway, my fix was to only allow that condition to result in moving the SSH window forward if packet_is_interactive(). In the bulk transfer case, it falls back to using the other (original) condition of 'half of the local window max has been consumed'. The other condition is a modified version of one of the HPN patches. We do a getsockopt SO_RCVBUF to check the size of the tcp socket buffer, and if the remaining part of the SSH window has fall below the size of the socket buffer, we grow the SSH window by 150%, up to SSHBUF_SIZE_MAX https://github.com/rapier1/openssh-portable/compare/master...allanjude:dy= namic_window_fix.diff I just need to rejigger it a bit so it doesn't depend on the HPN support functions and becomes an independent patch. Figure 3 and Figure 4 show what difference HPN makes when you add latency, but also show without my patch, HPN only solves the recv case, not the send case. --=20 Allan Jude --k4csHIEQXvUld1e9I0BWwml6MwlVd886k-- --df1CVOKdiclfIr689J2QeNvPwA5J8S11o Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJZHwlrAAoJEBmVNT4SmAt+i68QAMZmEEs3c3R5yg+QihxrGJjX OcOjYOJGriyuKU/7PJNebalP4q/YRvuHG1KvMbijq1dX52c/YXWSnZXOuWY44lI8 9nhxXam/GTClHPD+PX9NJuUs5JlcxX+cYO38QFV9t2tmrkBsgKLyYRaVdTcBQbsb UWHutsWBi+h/zoXAY8VGU7SD0XS1MkZpXVELbK+fLrNZzneIhnwAAMWlUL9edk2k zCYBnOJF04nD5bnUAMJqNV1hWhuPAmei67C4YYu4+e6728seb7gAkgOp0isUlR5U PJce/wKdCzY/L1HC76tbo+/9V3d734n/Kfl5Grjj9rDgadUrf7N2erSoMxNFAWyR LwB1Sl7LbSPHZDaLBfZPzYfS81zeVfBAvUclyuz87KTr+9L0K6URErOvTa1MBC3U ncs7gw2A/9Panfn3764Ou2FUUE1kHE1J4wc62rlFIewcdT5JRpr0KZf5UESjXIgU aZy0/8Zpz1TVP8j/qIWq0WYBFzeIvjLQD7LhSr3yfZ0pW/4W9zisjncISXnKpUuz zYHUDe2ys6A1Bqyx10gK2A3XW2zdOpZ10hrY62g/ROVvieWU7f0owF4b7OTUnJ0S H4XCiy+1IFjVoBD0Z/BP7wkiP0PZQ+cCSOO4XooG45rl6Q0pT16pkpi0sVq0h5tz uzV2VepkWoPCXAj4s74X =q3xB -----END PGP SIGNATURE----- --df1CVOKdiclfIr689J2QeNvPwA5J8S11o--