Solved Network performance issues

Hi, I have a FreeBSD 12.1-RELEASE-p3 server that hosts basically two services in my infrastructure:
- OpenVPN server
- iperf server (for bandwidth tests).

It seems that after a while, iperf's measurements become really bad, while OpenVPN users do not seem affected at all.
I would like to go deeper into this issue. Any suggestions?

This is my rc.conf:

Code:
# openvpn
pf_enable="YES"
pf_rules="/etc/pf.conf"
gateway_enable="YES"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server/server.conf"

This is my pf.conf:

Code:
nat on vmx0 from 192.168.89.0/24 to any -> 192.168.82.27
#block all
pass from { lo0, 192.168.89.0/24, 192.168.82.0/23 } to any keep state


192.168.82.27 is the IP address assigned to the server's interface.
192.168.89.0/24 is the network range used for OpenVPN users.

Some statistics:

Code:
# pfctl -v -s rules
No ALTQ support in kernel
ALTQ related functions disabled
pass inet from 127.0.0.1 to any flags S/SA keep state
  [ Evaluations: 58131391  Packets: 200783    Bytes: 34980146    States: 14    ]
  [ Inserted: uid 0 pid 413 State Creations: 97665 ]
pass inet from 192.168.89.0/24 to any flags S/SA keep state
  [ Evaluations: 58131236  Packets: 52660660  Bytes: 19451957633  States: 10    ]
  [ Inserted: uid 0 pid 413 State Creations: 51931 ]
pass inet from 192.168.82.0/23 to any flags S/SA keep state
  [ Evaluations: 58131009  Packets: 279719584  Bytes: 259665044885  States: 67    ]
  [ Inserted: uid 0 pid 413 State Creations: 465629]
pass inet6 from ::1 to any flags S/SA keep state
  [ Evaluations: 58131248  Packets: 448664    Bytes: 161718662   States: 1     ]
  [ Inserted: uid 0 pid 413 State Creations: 7     ]
pass on lo0 inet6 from fe80::1 to any flags S/SA keep state
  [ Evaluations: 12        Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 413 State Creations: 0     ]

Thank you very much
 
...I also noticed that, right now, I am unable to download a capture file (.pcap) from this server, through scp.
Generally, I download/upload files to this server without any issue.
 
Other data:

Code:
# pfctl -s info

Status: Enabled for 8 days 12:14:07           Debug: Urgent

State Table                          Total             Rate
  current entries                      106               
  searches                       391301934          532.2/s
  inserts                           616882            0.8/s
  removals                          616776            0.8/s
Counters
  match                           58161242           79.1/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                             23            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                        51            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s
  map-failed                             0            0.0/s
 
I also tried to transfer some file to this server to my PC (through scp) and at the same time, start capturing traffic with tcpdump.
I see lots of TCP retransmissions.
 
There are some known performance issues due to the migration of vmx to iflib.
There are multiple open cases on the FreeBSD Bugzilla; a quick search gives:
PR 216425
PR 242070
PR 237321

It looks like disabling LRO and TSO makes a difference, i.e. in /etc/rc.conf:

Code:
ifconfig_vmx0="inet 192.168.XX.XX/24 -tso4 -tso6 -lro"

or from the command prompt:

Code:
ifconfig vmx0 inet 192.168.XX.XX/24 -tso4 -tso6 -lro
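
A check to run after the change suggested above, confirming that TSO4, TSO6 and LRO are really cleared on the interface. This is an added example, not part of the thread; the sample `ifconfig` output is constructed and the function names are hypothetical. It matches whole capability names, so `VLAN_HWTSO` and the `nd6 options=` line are not mistaken for TSO being on.

```shell
#!/bin/sh
# Added example: list which of TSO4, TSO6 and LRO are still enabled,
# read from the options=<...> line printed by FreeBSD ifconfig.

# Constructed sample output (hex values are made up for illustration).
SAMPLE_BEFORE='vmx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=e407bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO>
    inet 192.168.82.27 netmask 0xfffffe00 broadcast 192.168.83.255
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>'
SAMPLE_AFTER='vmx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=e400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
    inet 192.168.82.27 netmask 0xfffffe00 broadcast 192.168.83.255
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>'

# Reads ifconfig output on stdin, prints the enabled offloads (space separated).
# The sed anchor selects only the interface options= line, not "nd6 options=".
# awk compares whole names so VLAN_HWTSO is not counted as TSO.
enabled_offloads() {
    sed -n 's/^[[:space:]]*options=[0-9a-fA-F]*<\(.*\)>.*$/\1/p' |
        tr ',' '\n' |
        awk '$0 == "TSO4" || $0 == "TSO6" || $0 == "LRO" {
                 out = out (out ? " " : "") $0
             }
             END { print out }'
}

# $1 = ifconfig output text; returns 0 when none of the three are enabled.
check_offloads() {
    left=$(printf '%s\n' "$1" | enabled_offloads)
    if [ -n "$left" ]; then
        echo "still enabled: $left"
        return 1
    fi
    echo "TSO4/TSO6/LRO are off"
}

# Demo on the constructed samples. On a live host, pass real output instead:
#   check_offloads "$(ifconfig vmx0)"
check_offloads "$SAMPLE_BEFORE" || true
check_offloads "$SAMPLE_AFTER" || true
```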
 