Date: Tue, 14 Jul 2015 23:44:59 +0200 From: Sydney Meyer <syd.meyer@gmail.com> To: freebsd-xen@freebsd.org Subject: Re: Networking under Xen Message-ID: <4B6D4AEF-6107-4F95-9F5A-F0EA137809AC@gmail.com> In-Reply-To: <1436890526.3162974.323521249.6B73E6E2@webmail.messagingengine.com> References: <4E7B7075-4E0D-4EA7-9F5D-6D252CFBD487@gmail.com> <1436890526.3162974.323521249.6B73E6E2@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 14 Jul 2015, at 18:15, Mark Felder <feld@FreeBSD.org> wrote: >=20 >=20 >=20 > On Tue, Jul 14, 2015, at 07:36, Sydney Meyer wrote: >> Hello everybody, >>=20 >> i have noticed some odd behaviour with networking under Xen with = FreeBSD >> 10 as a DomU. >>=20 >> - IPv6 (TCP) bandwith drops from ~10 Gbit/s IPv4 to around 3 Gbit/s = IPv6. >> (measured with iperf) >>=20 >=20 > What is the "before" and "after" here? When is FreeBSD successfully > doing 10Gbit/s and when isn't it? Is pf enabled? Are you scrubbing? With two clean 10.1 AMD64 DomU installations both with a single, pinned = cpu, without pf enabled the TCP performance between the two hosts, = measured with iperf, differs between ~10 Gb/s on IPv4 and ~3 Gb/s on = IPv6. With pf enabled and "scrub in all" the difference is almost the = same. >=20 >> - Dropped/Stalled Connections with TCP Segmentation Offload and pf >> enabled. >>=20 >=20 > TSO is a known issue. I've been turning it off for years to get = FreeBSD > to play nice on Xen. This one i am still investigating, because it happens only in "certain" = situations (which are not clear to me, atm), but the host seems to drop = ACK Packets in some situations like when connected to via IPSEC or via = double NAT. This happens only when pf it actually enabled. Disabling TSO = on the xn-interface seems to help. >=20 >> - IPSEC-enabled Kernel TCP Performance drops from ~10 Gbit/s to ~200 >> Mbit/s (iperf). >>=20 >=20 > Are you saying FreeBSD non-IPSEC kernel can do 10Gbit/s TCP = performance, > but IPSEC kernel immediately drops it to 200Mbit/s? As for the apparent performance drop with IPSEC enabled Kernels without = security associations installed, i am unable to reproduce this now, not = on 10.0 or 10.1 nor 10 STABLE. Only when actually _using_ IPSec the = performance drops from ~10Gb/s to around ~200Mb/s whether actually = encrypting esp traffic or not. This clearly must have been a mistake on my side, although i could have = sworn that i checked this two times before asking on the forums and the = -net mailing list a few weeks ago. Well then, i am sincerely sorry about = this one. > _______________________________________________ > freebsd-xen@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-xen > To unsubscribe, send any mail to "freebsd-xen-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B6D4AEF-6107-4F95-9F5A-F0EA137809AC>