Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 10 Dec 2017 21:20:26 +0100
From:      Michael Grimm <trashcan@ellael.org>
To:        Eugene Grosbein <eugen@grosbein.net>
Cc:        freebsd-net@FreeBSD.org
Subject:   Re: [IPsec] Weird performance issue via IPsec/racoon tunnel
Message-ID:  <FF3F1C00-97B0-43C3-B32B-F4546D71D781@ellael.org>
In-Reply-To: <5A2D93BA.9020709@grosbein.net>
References:  <7A6EF712-920E-40BF-B155-113EE6C00AEA@ellael.org> <5A2D703F.8040004@grosbein.net> <3B480730-FF34-45B8-8636-9FCD4E97A2B9@ellael.org> <5A2D93BA.9020709@grosbein.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Eugene Grosbein <eugen@grosbein.net> wrote:
> 11.12.2017 2:54, Michael Grimm wrote:


>> *BUT* if I do boot with the default 1500 setting,
>> changing the MTU to e.g. 1450 and *immediately* back to 1500 =
manually,
>> I do not encounter any performance loss at all. Why?
>> Even when booting 1490 and immediately setting the MTU manually to =
1500 I do not see any performance loss. Strange.
>=20
> Interface MTU is used to assing 'mtu' attribute to corresponding route =
in the system routing table.
> Lowering interface MTU lowers route mtu, but raising interface MTU =
does *not* raises route mtu,
> use "route -n get" command to check it out. So, you still use low mtu =
really.

Bingo!=20

	NEW> ifconfig vtnet0
	vtnet0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> =
metric 0 mtu 1490

	NEW> route -n get freebsd.org
	...
	 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    =
expire
	       0         0         0         0      1490         1       =
  0=20

	NEW> ifconfig vtnet0 mtu 1500 up
	NEW> ifconfig vtnet0
	vtnet0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> =
metric 0 mtu 1500

	NEW> route -n get spiegel.de
	...
	 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    =
expire
	       0         0         0         0      1490         1       =
  0=20


I didn't know that. And that explains all my observations.

>> Hmm, how would one check that? The output is to fast for me ;-) =
Seriously, how should one check this?
>=20
> With your eyes :-) Use tcpdump -c flag to limit number of lines, =
redirect output to a file
> and carefully compare some packets using their ID that tcpshow shows.

Ok. I will do that at some later time ;-)

I'd like to thank you again for your input and with kind regards,
Michael

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FF3F1C00-97B0-43C3-B32B-F4546D71D781>