From: James Lodge
To: "freebsd-net@freebsd.org"
Subject: Jail - PF - NAT - Network Performance
Date: Sun, 25 Oct 2015 16:46:56 +0000

Dear All,

I wonder if you'd be so kind as to help/point me in the right direction in order to fix a network performance issue I seem to have.

I currently have a FreeBSD 10.1 host running on Digital Ocean. I have multiple jails and I'm not using vimage.

I'm using PF on the host to NAT traffic from said jails and all is working as expected. I have a jail running OpenVPN and clients can connect and traffic is routed to the Internet down the tunnel via PF/NAT. The issue I'm seeing is download speeds to the client from the Internet on the external side on PF. Upload always seems reasonable, but download is always woeful. I'm using a Windows machine as the client if that makes any odds.

I've narrowed it down to be PF/NAT/External Interface (possibly) as I have a web server in another jail on the same host. The web server is hosting a 1GB file. If I download the 1GB using the web server's private IP address down the OpenVPN tunnel I get a reasonable speed of about 2MB/s, whereas downloading the same 1GB file from a public web server via the OpenVPN tunnel (so going through PF/NAT on the host) results in 30KB/s maximum. Just to reiterate the point, the web server running on the FreeBSD host on DO is publicly accessible on the Internet. If I disconnect my OpenVPN and use the public IP to download the 1GB I get 5-6MB/s, which is the speed on my VDSL2 circuit.

Any help massively appreciated.

Regards

James