Hello everybody,
When using an IPSEC-enabled Kernel on a 10.1 RELEASE Xen DomU, the performance drops from ~10 Gb/s to ~200 Mb/s, whether actually using IPSEC or not.
Andrey Elsukov has explained the (potential) issue here: https://lists.freebsd.org/pipermail/freebsd-net/2015-April/042123.html
When disabling TCP segmentation offload (ifconfig xn0 -tso), the performance picks up again, up to ~3 Gb/s for non-IPSec traffic.
I noticed this because on another (also Xen VM) machine running Tomcat, the connections became extremely slow when enabling PF and picked up speed again as soon as I disabled PF or disabled TSO on the interface. This machine was using a GENERIC Kernel.
Is this normal, known behaviour, or have I missed something?