From: Eugene Grosbein
To: Michael Grimm, freebsd-net@FreeBSD.org
Date: Mon, 11 Dec 2017 03:06:18 +0700
Subject: Re: [IPsec] Weird performance issue via IPsec/racoon tunnel
Message-ID: <5A2D93BA.9020709@grosbein.net>
In-Reply-To: <3B480730-FF34-45B8-8636-9FCD4E97A2B9@ellael.org>
List-Id: Networking and TCP/IP with FreeBSD

11.12.2017 2:54, Michael Grimm wrote:

> I did already lower MTU: If I do configure vtnet0 to a MTU of 1490 at boot time I do not not notice a performance loss compared to the default 1500 setting.
>
>>> *BUT* if I do a "ifconfig vtnet0 mtu 1450 up ; ifconfig vtnet0 mtu 1500 up" I do observe:
>>>
>>> #) scp NEW to OLD via IPsec tunnel: 17.1 MB/s !
>>> #) scp OLD to NEW via IPsec tunnel: 16.9 MB/s
>
> *BUT* if I do boot with the default 1500 setting,
> changing the MTU to e.g. 1450 and *immediately* back to 1500 manually,
> I do not encounter any performance loss at all. Why?
> Even when booting 1490 and immediately setting the MTU manually to 1500 I do not see any performance loss. Strange.

Interface MTU is used to assign the 'mtu' attribute to the corresponding route in the system routing table. Lowering interface MTU lowers route mtu, but raising interface MTU does *not* raise route mtu. Use the "route -n get" command to check it out. So, you still use low mtu really.

>> To verify if it's your case, you should run two tcpdump commands,
>> one at sending side and another at receiving side
>> and compare outputs to see if *every* outgoing packet reaches its destination or not.
>
> Hmm, how would one check that? The output is too fast for me ;-) Seriously, how should one check this?

With your eyes :-) Use tcpdump -c flag to limit number of lines, redirect output to a file and carefully compare some packets using their ID that tcpshow shows.
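
The comparison described above can also be scripted; the following is an added example, not part of the original message. It assumes both captures were saved as text from `tcpdump -n -v` (verbose mode prints the IP ID), and the function names and sample captures are constructed for illustration.

```python
import re
from collections import Counter

# Verbose IPv4 header line, then the indented "src > dst:" line, as printed by tcpdump -n -v.
HDR = re.compile(r"\bIP \(.*?\bid (\d+), offset (\d+),.*?\blength (\d+)\)")
ADDR = re.compile(r"^\s+(\S+) > (\S+?):")

def parse_packets(text):
    """Return [(src, dst, ip_id, offset, length)] from tcpdump -n -v text output."""
    packets, pending = [], None
    for line in text.splitlines():
        hdr = HDR.search(line)
        if hdr:
            pending = tuple(int(g) for g in hdr.groups())
            continue
        addr = ADDR.match(line)
        if addr and pending:
            ip_id, offset, length = pending
            packets.append((addr.group(1), addr.group(2), ip_id, offset, length))
            pending = None
    return packets

def lost_packets(sent_text, recv_text):
    """Packets in the sender capture with no (src, dst, id, offset) match at the receiver."""
    seen = Counter(p[:4] for p in parse_packets(recv_text))
    lost = []
    for pkt in parse_packets(sent_text):
        if seen[pkt[:4]] > 0:
            seen[pkt[:4]] -= 1   # consume one match; IP IDs can repeat after wrapping
        else:
            lost.append(pkt)
    return lost

# Constructed sample captures (not taken from the thread).
SENT = """\
03:06:18.000001 IP (tos 0x0, ttl 64, id 4101, offset 0, flags [DF], proto TCP (6), length 52)
    10.1.1.1.22 > 10.2.2.2.50000: Flags [.], ack 1, win 1026, length 0
03:06:18.000102 IP (tos 0x0, ttl 64, id 4102, offset 0, flags [DF], proto TCP (6), length 1500)
    10.1.1.1.22 > 10.2.2.2.50000: Flags [.], seq 1:1449, ack 1, win 1026, length 1448
03:06:18.000203 IP (tos 0x0, ttl 64, id 4103, offset 0, flags [DF], proto TCP (6), length 52)
    10.1.1.1.22 > 10.2.2.2.50000: Flags [.], ack 1, win 1026, length 0
"""
RECV = """\
03:06:18.010001 IP (tos 0x0, ttl 63, id 4101, offset 0, flags [DF], proto TCP (6), length 52)
    10.1.1.1.22 > 10.2.2.2.50000: Flags [.], ack 1, win 1026, length 0
03:06:18.010203 IP (tos 0x0, ttl 63, id 4103, offset 0, flags [DF], proto TCP (6), length 52)
    10.1.1.1.22 > 10.2.2.2.50000: Flags [.], ack 1, win 1026, length 0
"""
```

Packets near the end of the sender capture may be reported only because the receiver's `-c` limit ended its capture first, so judge by a pattern (for example, only full-size packets missing) rather than by a single entry.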