Date: Thu, 21 Dec 2017 22:59:37 +0100 From: Michael Grimm <trashcan@ellael.org> To: Eugene Grosbein <eugen@grosbein.net> Cc: Kristof Provost <kristof@sigsegv.be>, freebsd-net@freebsd.org, freebsd-jail@FreeBSD.org Subject: Re: performance issue within VNET jail Message-ID: <5DAD8B80-FE3C-49D2-A645-EE144474D5FE@ellael.org> In-Reply-To: <5A3C2C42.6060904@grosbein.net> References: <4F5EE3F6-0163-4435-8726-56B0D4AE9FAF@ellael.org> <B6446660-9FD2-4C28-A3A2-8AC99624C7FF@sigsegv.be> <8102F5FD-DCFC-4EF8-A443-9E6C9EB1F467@ellael.org> <DB5DE737-7171-4953-AF98-45F1BE7AF09E@sigsegv.be> <BE008733-5AD8-4DAC-A6A5-BC3FCEC16202@ellael.org> <5A3C2C42.6060904@grosbein.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 21. Dec 2017, at 22:48, Eugene Grosbein <eugen@grosbein.net> wrote:
>=20
> 22.12.2017 4:42, Michael Grimm wrote:
>=20
>> Well I prepared on of my webservers running at hostB/jailX to serve a =
sample file for local downloading tests:
>>=20
>> 1) hostA wget from hostB/jailX sample file: about 30 MB/s
>> 2) hostA/jailY wget from hostB/jailX sample file: about 30 =
MB/s
>> 3) hostB wget from hostB/jailX sample file: about 190 MB/s
>> 4) hostB/jailY wget from hostB/jailX sample file: about 190 =
MB/s
>>=20
>> Hmm. At least tests 3) and 4) omit the pf firewall. Tests 1) qnd 2) =
include passing two firewalls, one at each host. BUT: Both hosts are =
connected via an IPSec tunnel, and that's esp not tcp.
>>=20
>> Can anyone draw conclusions from this test?=20
>> I cannot ;-)
>=20
> Make sure and double check that your ESP packets do not get =
fragmented.
Hmm, I do not know how to achieve that. May the following tcpdump =
excerpts answer your question, or do you want me to look somewhere else?
At hostA while downloading from hostB/jailX and "tcpdump -i extIF esp =
-vv"
22:52:42.341023 IP (tos 0x0, ttl 64, id 40481, offset 0, flags [none], =
proto ESP (50), length 140)
hostA > hostB: ESP(spi=3D0x01d9ec34,seq=3D0x5fe699), length 120
22:52:42.341079 IP (tos 0x0, ttl 53, id 64310, offset 1480, flags =
[none], proto ESP (50), length 100)
hostB > hostA: ip-proto-50
22:52:42.341151 IP (tos 0x0, ttl 64, id 40483, offset 0, flags [none], =
proto ESP (50), length 140)
hostA > hostB: ESP(spi=3D0x01d9ec34,seq=3D0x5fe69a), length 120
22:52:42.341169 IP (tos 0x0, ttl 53, id 64312, offset 1480, flags =
[none], proto ESP (50), length 100)
hostB > hostA: ip-proto-50
22:52:42.341238 IP (tos 0x0, ttl 53, id 64314, offset 1480, flags =
[none], proto ESP (50), length 100)
hostB > hostA: ip-proto-50
At hostB the same dump looks like:
22:52:42.463511 IP (tos 0x0, ttl 53, id 41153, offset 0, flags [none], =
proto ESP (50), length 124)
hostA > hostB: ESP(spi=3D0x01d9ec34,seq=3D0x5feaa8), length 104
22:52:42.463518 IP (tos 0x0, ttl 53, id 41155, offset 0, flags [none], =
proto ESP (50), length 124)
hostA > hostB: ESP(spi=3D0x01d9ec34,seq=3D0x5feaa9), length 104
22:52:42.463593 IP (tos 0x0, ttl 53, id 41157, offset 0, flags [none], =
proto ESP (50), length 124)
hostA > hostB: ESP(spi=3D0x01d9ec34,seq=3D0x5feaaa), length 104
22:52:42.463601 IP (tos 0x0, ttl 53, id 41159, offset 0, flags [none], =
proto ESP (50), length 124)
hostA > hostB: ESP(spi=3D0x01d9ec34,seq=3D0x5feaab), length 104
22:52:42.463673 IP (tos 0x0, ttl 53, id 41161, offset 0, flags [none], =
proto ESP (50), length 124)
hostA > hostB: ESP(spi=3D0x01d9ec34,seq=3D0x5feaac), length 104
Thanks and regards,
Michael
>=20
>=20
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5DAD8B80-FE3C-49D2-A645-EE144474D5FE>