strange "throttling" issue with pf on xDSL connection
patpro at patpro.net
Wed Aug 1 11:36:31 UTC 2007
Two of us have found a very strange issue with pf on FreeBSD 6.2
on an xDSL connection.
In both cases:
- the FreeBSD system is plugged into an xDSL box provided by a French ISP
- pf is used to firewall the connection and to share it on a LAN
- pf.conf is relatively simple, and does not use ALTQ
We have discovered that requests to files on <http://test-debit.free.fr/>
yield very poor download rates (approx. 140 KB/s), but we can
launch 3 or more simultaneous downloads (approx. 120 KB/s each). So the
total bandwidth looks ok.
If we turn pf off (unload the kernel module or "set skip on $ext_if"
in pf.conf), the download speed reaches 650-700 KB/s for the same
file. (note: http://test-debit.free.fr is an official bandwidth test
page for the ISP free.fr)
Two things are strange:
- pf acts like it's throttling the connection, while no throttling
instruction is given
- with other servers, it happens that the download speed is ok (not
all servers), even if pf is active, but it's never ok with
http://test-debit.free.fr unless pf is off.
I've come to the conclusion that pf alters in some way the TCP flow,
and that this alteration is not compatible with some servers or
network appliances, thus degrading the max transfer rates.
I have no particular sysctl options, ALTQ is not active (I've tested
a kernel with and without ALTQ: same result). We've tested pf.conf
without "scrub in all": same result.
Let me know if a tcpdumped transfer with and without pf could help.
`dmesg`, `sysctl -a` and pf.conf upon request.
Any hint is welcome.