Bandwidth limitations problems without any traffic shaping rules

Started by jinxray, October 23, 2024, 01:34:56 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 23, 2024, 01:34:56 PM
We have Opnsense instance in cloud environment between separated from each other networks. For some reason, there is serious speed limitations: ~300KB/S-800KB/S. Cloud provider didnt register any problems with cloud platform. If traffic dont go through Opnsense, speed is normal. There is no traffic shaping rules. Rebooted opnsense, didnt work either. Can you point, where should I look and what exactly?
October 23, 2024, 01:43:50 PM #1
KVM based cloud and VirtIO network interfaces? Please check and report back.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
October 23, 2024, 01:51:18 PM #2
October 23, 2024, 01:54:25 PM #3
Try this:

1. System > Settings > Tunables
2. Add tunable, name=hw.vtnet.csum_disable, value=1
3. Save and reboot
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
October 23, 2024, 02:13:36 PM #4
Quote from: Patrick M. Hausen on October 23, 2024, 01:54:25 PM
Try this:

1. System > Settings > Tunables
2. Add tunable, name=hw.vtnet.csum_disable, value=1
3. Save and reboot

Thanks! It worked out. Can you explain nature of the problem and why it happened? So, it is some checksum calculation? Am I getting it right, without checksum there will be more resource utilization?
October 23, 2024, 02:27:28 PM #5 Last Edit: October 23, 2024, 02:30:25 PM by Patrick M. Hausen
There's a bug or a common misconfiguration at cloud providers in KVM that works out to our (FreeBSD) disadvantage. The hypervisor announces the virtual network hardware would perform checksum offloading but then does not actually do it. FreeBSD thinks "fine, HW offloading is great" and enables it, which leads to checksum errors, which leads to retransmissions, which leads to orders of magnitude too low throughput.

I identified at least these bug reports having a high probability of being due to this problem:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263229
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277718
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276760
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235607
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165059
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259249

So people are searching for FreeBSD bugs where there aren't any.

This has been discussed in the regular bhyve production users call and people are working on it together with Vultr and Digitalocean if I am not mistaken. In the meantime apply the workaround and you will be fine.

It disables checksum offloading, not checksums. The performance penalty is probably negligible.

I'll file a merge request - the tunable does not hurt if you are not running on KVM, and if you are then it most probably helps.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
October 31, 2024, 02:12:56 PM #6
@jinxray

Following my proposed change to the OPNsense defaults to include the `hw.vtnet.csum_disable` tunable I was reminded that checksum offloading is in fact disabled by default for new OPNsense installations.

Did you initially change any of these settings before you noticed the low performance?

Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1
User actions