I am experiencing very poor performance on a recently installed OPNsense version 25.1 VM in a Debian/KVM hosted environment. All the normally disabled offloading has been checked.
I have taken to troubleshooting the issue by using SCP from the OPNsense VM to/from various local and remote targets. Secure copies outbound perform fine in all cases. Secure copies inbound are exceedingly slow and packet capture reveals "TCP Previous segment not captured/TCP Retransmission" any time data must traverse the physical switch. Inbound from a source running on the same host works fine.
Here is the ifconfig from FreeBSD:
```
vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
	description: Outside (wan)
	options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
	ether 52:54:00:44:b6:4b
	inet <IP> netmask 0xfffffff0 broadcast <gatewayIP>
	inet6 fe80::5054:ff:fe44:b64b%vtnet0 prefixlen 64 scopeid 0x1
	media: Ethernet autoselect (10Gbase-T <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
```
and relevant info from the KVM side:
```
root@kvm2:~# ip a s vnet122
135: vnet122: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master outside state UNKNOWN group default qlen 1000
    link/ether fe:54:00:44:b6:4b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe44:b64b/64 scope link
       valid_lft forever preferred_lft forever
root@kvm2:~# ip a s outside
4: outside: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4e:bb:da:ba:6a:f8 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::4cbb:daff:feba:6af8/64 scope link
       valid_lft forever preferred_lft forever
root@kvm2:~# ip a s enp2s0f1np1
3: enp2s0f1np1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master outside state UP group default qlen 1000
    link/ether 9c:6b:00:99:c4:2e brd ff:ff:ff:ff:ff:ff
root@kvm2:~# ethtool -I vnet122
Settings for vnet122:
	Supported ports: [ ]
	Supported link modes: Not reported
	Supported pause frame use: No
	Supports auto-negotiation: No
	Supported FEC modes: Not reported
	Advertised link modes: Not reported
	Advertised pause frame use: No
	Advertised auto-negotiation: No
	Advertised FEC modes: Not reported
	Speed: 10Mb/s
	Duplex: Full
	Auto-negotiation: off
	Port: Twisted Pair
	PHYAD: 0
	Transceiver: internal
	MDI-X: Unknown
	Current message level: 0x00000000 (0)
	Link detected: yes
```
Did you read this (https://forum.opnsense.org/index.php?topic=44159.0)? Especially the bits about network "hardware"?
I just did!
`ethtool --offload enp2s0f1np1 generic-receive-offload off` looks like it fixes this.
Thanks for the HOWTO. Good stuff!
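
Added example (not part of the thread or the linked HOWTO): a small audit, run on the KVM host, that lists which ports of a bridge still have receive coalescing enabled, so the setting can be checked on every bridge member rather than on one NIC. It goes slightly beyond the thread by also watching `large-receive-offload`; the function names and the sample `ethtool -k` text are constructed for illustration.

```shell
#!/bin/sh
# Added example: report receive-side offloads still enabled on the ports of a
# Linux bridge that carries a virtio guest (bridge name is passed as $1).

# Offloads that coalesce received frames before they are bridged to the guest.
# GRO is the one from the thread; LRO is an assumption added for completeness.
FEATURES="generic-receive-offload large-receive-offload"

# Read `ethtool -k` text on stdin and print each watched feature that is "on".
# A trailing "[fixed]" means the driver does not allow the value to be changed.
enabled_offloads() {
    awk -v want="$FEATURES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        {
            name = $1; sub(/:$/, "", name)
            if ((name in watch) && $2 == "on")
                print name ($3 == "[fixed]" ? " (fixed)" : "")
        }'
}

# List the interfaces enslaved to a bridge, using sysfs.
bridge_ports() {
    ls "/sys/class/net/$1/brif" 2>/dev/null
}

# Walk every port of the bridge and print "port: feature" for each hit.
audit_bridge() {
    for port in $(bridge_ports "$1"); do
        ethtool -k "$port" 2>/dev/null | enabled_offloads | sed "s/^/$port: /"
    done
}

# Constructed sample of `ethtool -k` output (not captured from the thread's host).
SAMPLE='Features for enp2s0f1np1:
rx-checksumming: on
tcp-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on'

# Live run only when a bridge name is given, e.g. `sh audit.sh outside`.
if [ "$#" -gt 0 ]; then
    audit_bridge "$1"
fi
```

A setting changed with `ethtool --offload` does not survive a reboot, so rerunning the audit after a host restart shows whether the change was persisted.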