tunnel upstream is unusably slow

David Woodhouse dwmw2 at infradead.org
Thu Apr 3 04:54:37 EDT 2014 

On Thu, 2014-04-03 at 10:10 +0200, Ortwin Glück wrote:
> 
> On 02.04.2014 18:17, David Woodhouse wrote:
> > On Wed, 2014-04-02 at 17:58 +0200, Ortwin Glück wrote:
> >> I have just noticed that this is a regression in kernel 3.14! Works fine
> >> in 3.12 and 3.13.
> >>
> >> Sorry to bother you. I will bisect and speak to kernel folks.
> > 
> > Does it go away if you
> > 
> > echo 0 > /proc/sys/net/ipv4/tcp_autocorking
> 
> No. That was my first idea too :-)

OK, thanks. Time to resort to bisecting then, I suppose. But let's blame
Eric preemptively anyway... and perhaps manually start your bisection
right at commit f54b31114 :)

> > 
> >>
> >>>> No.     Time     Source                Destination           Protocol    Length Info
> >>>>    1100 0.214    tun-local             tun-remote            SSHv2    1280   Encrypted request packet len=1228
> >>>>    1101 0.000    SSL-local             SSL-remote            TLSv1    1126   Application Data
> >>>>    1102 0.000    SSL-local             SSL-remote            TLSv1    328    Application Data
> >>>
> >>> A packet is 'sent' over the tun interface. OpenConnect immediately sends
> >>> it. It takes *two* packets to send it, since your MTU inside the tunnel
> >>> is larger than your MTU outside the tunnel. 
> >>
> >> No matter what value I pass to --mtu I always end up with 2 packets -
> >> just their sizes change. What do you suggest?
> > 
> > Hm, that's odd. You pass a *much* smaller MTU value and you actually see
> > smaller packets like 1000 bytes on the tun device? And they're *still*
> > split into multiple packets on the wire for the public network?
> 
> Yes they would be split into one larger and a smaller chunk.
> 
> > Does that misbehaviour *also* persist with 3.13?
> 
> In 3.13 that looks entirely different. Here I get nice huge frames
> (chopped up by the NIC with segmentation offload)
> 
> 18:31:10.798668 IP SSL-local.40251 > SSL-remote.https: Flags [.], seq
> 2471220:2475508, ack 84847, win 65535, length 4288

Eric, any ideas on that one? This one is on the public-side network
between VPN client and server. (The other misbehaviour discussed above
with the 200ms delays was on traffic *inside* the VPN, going out through
the tun0 device. Which gets turned into these packets which are
misbehaving differently.)

Ortwin: is TSO definitely still enabled in 3.14? What NIC?

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140403/78e240ee/attachment-0001.bin>

More information about the openconnect-devel mailing list