Re: Performance issues with VNET/bridge/VLAN

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Performance issues with VNET/bridge/VLAN

Michael Grimm-4
Am 2019-02-22 11:31, schrieb Patrick M. Hausen:

[x-posted to [hidden email]]

> The machine is an iocage jail host, all jails with VNET.
>
> The problem is: network performance in the jails (not on the host!) is
> abysmal
> with the second setup. Not consistently so, everything *seems* to work
> but e.g. a customer complained that checking out a project from github
> happend at 15k/s … that’s when we started to investigate.

[...]

> *Any* idea what might be going on here? We use VNET all the same on all
> the
> hosts and it is still labelled „experimental", yes. But all the parts
> that
> make up the different setups - bridge(4), vlan(4) - have been in
> FreeBSD
> for ages. I’m just combining features orthogonally like every good
> sysadmin ;-)
>
> If someone is willing to do some investigation, I think I can provide a
> test
> system and remote access …

This sounds familiar to me, please have a look at the following two
threads:

https://lists.freebsd.org/pipermail/freebsd-jail/2019-February/003684.html
https://lists.freebsd.org/pipermail/freebsd-net/2017-December/049470.html

If your hosts run on cloud infrastructure odds are that the mentioned
settings will work in your case.

Regards,
Michael
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Performance issues with VNET/bridge/VLAN

Patrick M. Hausen
Hi!

> Am 22.02.2019 um 18:03 schrieb Michael Grimm <[hidden email]>:
>
> Am 2019-02-22 11:31, schrieb Patrick M. Hausen:
>
> [x-posted to [hidden email]]
>
>> The machine is an iocage jail host, all jails with VNET.
>> The problem is: network performance in the jails (not on the host!) is abysmal
>> with the second setup. Not consistently so, everything *seems* to work
>> but e.g. a customer complained that checking out a project from github
>> happend at 15k/s … that’s when we started to investigate.
>
> [...]
>
>> *Any* idea what might be going on here? We use VNET all the same on all the
>> hosts and it is still labelled „experimental", yes. But all the parts that
>> make up the different setups - bridge(4), vlan(4) - have been in FreeBSD
>> for ages. I’m just combining features orthogonally like every good sysadmin ;-)
>> If someone is willing to do some investigation, I think I can provide a test
>> system and remote access …
>
> This sounds familiar to me, please have a look at the following two threads:
>
> https://lists.freebsd.org/pipermail/freebsd-jail/2019-February/003684.html
> https://lists.freebsd.org/pipermail/freebsd-net/2017-December/049470.html
>
> If your hosts run on cloud infrastructure odds are that the mentioned settings will work in your case.

Bare metal. We *provide* cloud infrastructure by the means of jails and VNET.

See this URL for the shameless marketing plug [tm] ;-) Or my talk at EuroBSDCon 2017 in Paris.
https://infrastructure.punkt.de/de/produkte/proserver.html

And no PF, no NAT, no IPFW - just the setup I showed in my first mail
and of course epair(4) interfaces added to the bridge by iocage …

We happened to have a handful of servers without enough free uplink ports
in the respective racks and thought we could get away cheaply using trunks
and VLANs.

But I’ll fiddle with LRO nonetheless and report if that changes anything.

Thanks
Patrick
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe [hidden email] http://punkt.de
AG Mannheim 108285 Gf: Juergen Egeling

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Performance issues with VNET/bridge/VLAN

Michael Grimm-4
Hi

On 22. Feb 2019, at 19:48, Patrick M. Hausen <[hidden email]> wrote:

> epair(4) interfaces added to the bridge

These are my number one suspects when it comes to performance loss within a VNET jail compared to the host system.

> But I’ll fiddle with LRO nonetheless and report if that changes anything.

I'm interested to learn if bare metal might behave comparable to cloud infrastructure or not?

Regards,
Michael
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Performance issues with VNET/bridge/VLAN

Patrick M. Hausen
Hi,

just a quick info - I need some more time because this is getting weirder and weirder …

Changing the „complaint“ host from VLANs to dedicated interfaces fixed
the perceived TCP performance issue for that host. Then I tried to reproduce
the problem on another host *with* the VLAN based setup.
Same OS version, identical setup (all Ansible here) - *no* performance issue.
Everything running „fast“.

I’ll try to build a reliable test scenario with reproducibly problematic results
and report back.

Kind regards
Patrick
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe [hidden email] http://punkt.de
AG Mannheim 108285 Gf: Juergen Egeling

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"