#arpnetworks 2017-11-20,Mon

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
***km_ has quit IRC (Ping timeout: 255 seconds)
km_ has joined #arpnetworks
[03:11]
.......... (idle for 45mn)
ziyourenxiang has joined #arpnetworks [03:58]
.......... (idle for 48mn)
perlgod has quit IRC (Read error: Connection reset by peer) [04:46]
perlgod has joined #arpnetworks [04:51]
..................................... (idle for 3h3mn)
KILLALLHUMANS01 has quit IRC (Ping timeout: 264 seconds)
tabthorpe has joined #arpnetworks
KILLALLHUMANS01 has joined #arpnetworks
[07:54]
.......... (idle for 48mn)
ziyourenxiang has quit IRC (Ping timeout: 240 seconds) [08:44]
............................................... (idle for 3h53mn)
nznzx2 has joined #arpnetworks [12:37]
............... (idle for 1h11mn)
up_the_ironsbrycec: yeah that is nice [13:48]
.............. (idle for 1h7mn)
***ziyourenxiang has joined #arpnetworks [14:55]
.... (idle for 19mn)
ziyourenxiang has quit IRC (Ping timeout: 240 seconds)
reardencode has quit IRC (Read error: Connection reset by peer)
reardencode has joined #arpnetworks
[15:14]
................................ (idle for 2h35mn)
perlgoddoes anyone know the networking specs for the arp thunder instances? ive been troubleshooting abysmal openvpn performance for the last few hours
looks like throughput is limited to 10MB/sec up and down
i managed to get >0.15mbps by disabling all the hardware offload options in freebsd or vtnet0
[17:52]
mercutioperl: are you using pf?
freebsd has some bugs with pf and checksum
[17:59]
perlgodyeah, i am using pf [17:59]
mercutioyou might find your speed goes up magically when you disable pf
well not now that you've disabled the offload probably.
[18:00]
perlgodinteresting...but...i love pf :( [18:00]
mercutiofix the bugs then!
when i was reading about it it sounded like it was non-trivial to fix
[18:00]
perlgodthe weird thing is, over the vpn, my upload speed is great but download is awful [18:00]
mercutioso one sided issue
so disabling the offload fixed it?
i might have some notes somewhere from what i found...
[18:01]
perlgoddisabling the offload definitely helped. i get like 2mbps download instead of 0.15mbps
but, suppoedly i should get (close to) 100mbps
[18:02]
mercutioyeah
hangon i'll check
[18:02]
perlgodtesting this with a combo of iperf and transfering an ubuntu iso back and forth from my thunder instance.
interestingly, either speedtest.net has banned arpnetworks, or arpnetworks has blacklisted speedtest.net it seems
[18:03]
mercutioare you using ipv4 or ipv6?
turning csum, gso, tso off on host improves freebsd performance a little
[18:05]
perlgodi believe my openvpn uses ipv4 only
dont have any issues with normal tcp traffic.
[18:07]
mercutiooh hangon
are you using normal port
[18:08]
perlgod1194 [18:08]
mercutiothere might be the additional thing of the udp rate limit [18:08]
perlgodno good? [18:08]
mercutiobut that's at 5 megabit
nah that port is exempt
[18:08]
perlgodactually [18:08]
mercutiohttp://support.arpnetworks.com/kb/main/is-there-a-firewall-filter-rate-limit-or-similar-device-applied-to-my-traffic [18:08]
perlgodwhen i had my metal instance....
i remember i had to file a ticket
and garry was like
i remember now
1194 is supposed to be exempt from udp rate limit, but garry had to disable the rate limit for my whole block bc the exemption didnt work
[18:08]
mercutiowas your openvpn performance higher with metal? or weren't you using freebsd? [18:09]
perlgodmaybe that exemption got lost in the ether
i was using freebsd both times
[18:09]
mercutioit's 5 megabit rather than 2 megabit though [18:09]
perlgodi got ~80mbps once garry disabled the rate limit for my whole IP block
h/o let me run a speed test
getting around 3.5 mbps down, 20 mbps up
[18:10]
mercutioyou could try iperf -b 5m -c <your home ip> -P with iperf -s -i 1 -u on your home ip [18:11]
perlgoddoes the rate limit only apply to outbound traffic? [18:11]
mercutiowell with a port forwrad too probably
yeah
[18:11]
perlgodthat seems like the issue then
the missing 1.5 mbps is probably overhead
but anyway, pf + vnet0 + hw offloading = problems ?
[18:11]
mercutioyeah
but i think there's a separate hw offload oddity without pf too
are you using -tso -txcsum -rxcsum?
[18:13]
perlgodyes
ok so
iperf3 has a -R option, so i didnt need to do port forward
[18:14]
mercutiooh cool [18:15]
perlgoddefinitely hitting 5mbps rate limit
let me manually set port to 1194 and try again
[18:15]
mercutiohttps://www.freebsd.org/security/advisories/FreeBSD-EN-16:02.pf.asc
that appears that some of the pf checksum stuff was fixed
[18:15]
perlgodpf seems not very well maintained
on freebsd.
[18:16]
mercutiobut i noticed this after that...
it's not just that it's badly maintained. it was forked, with some very odd changes that make it hard to integrate upstream changes
so they've stayed at an old version
now they've added their own SMP work etc in
creating even more complications
the whole freebsd network side is a bit iffy. there's memory fragmentation issues with large mtus too
[18:16]
perlgodok, i ran iperf over port 1194 udp, still hitting the 5mbps rate limit
so it must be the same issue i had 2 years ago
[18:18]
mercutio1194 as source? [18:18]
perlgodyeah
[SUM] 0.00-10.00 sec 5.96 MBytes 5.00 Mbits/sec 3.508 ms 4086/8404 (45%) receiver
[18:18]
mercutioand fine with 4megabit? [18:18]
perlgodcouldnt parse that last question [18:19]
mercutioif you go down to 4 megabit for sending speed does it work fine [18:19]
perlgodah, one sec
i can only hit the 5mbps rate limit by telling iperf to use multiple threads
wait nvm, bad copypasta from stackexchange
yeah, no packet loss if i limit to 4mbps
[18:19]
mercutiosounds like it's that then [18:23]
perlgodiperf3 -c beastie.c0ffee.net -u -R -p 1194 -b 4m [18:23]
mercutiosend a ticket in [18:23]
perlgod[ 7] 0.00-10.00 sec 4.82 MBytes 4.04 Mbits/sec 0.361 ms 0/3492 (0%) receiver
will do
mercutio - worth it to learn IPFW ? ive been using pf for years but if it cant even checksum properly it might be time to switch
[18:23]
mercutioi think the netbsd one is ok
but i haven't looked into it much, i am used to pf
[18:24]
perlgodyeah, the syntax is so good. [18:25]
mercutioFreeBSD does not use Linux® IPTABLES for its firewall. Instead, FreeBSD offers a choice of three kernel level firewalls:
just to confuse you :)
is ipfilter the netbsd one?
seems not
hmm
https://en.wikipedia.org/wiki/NPF_(firewall)
[18:25]
BryceBotNPF (firewall) :: NPF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to iptables, ipfw, ipfilter and PF. NPF is developed on NetBSD. History NPF was primarily written by Mindaugas Rasiukevicius. NPF first appeared in the NetBSD 6.0 release in 2012. Features NPF is designed for high performance on SMP systems and for easy extensibility. It supports various forms of Network... [18:27]
mercutioit seems there was talk of importing npf but it never happened
i'm actually not sure why netbsd isn't more popular. it has a lot of benefits over freebsd...
[18:28]
perlgoddont send me down the rabbit hole of learning another bsd distro [18:33]
mercutioheh [18:34]
mike-burnsBut if you are going to learn another BSD, I recommend OpenBSD! You might like their packet filter software ... [18:34]
perlgodive toyed around with it. the ACPI support is a lot better for laptops etc
installed TrueOS on an old thinkpad i have. their lumina desktop is pretty nice, cool to have a BSD-first DE
also crazy that its just one dude hacking away at it
[18:35]
mercutioenlightenment had one person hacking on it, then other people joined in and development slowed
sometimes it's easier to make progress on your own
[18:37]
............................................................. (idle for 5h0mn)
dnehell is other people [23:37]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)