Re: Performance issues with vnet jails + epair + bridge

In reply to: Miroslav Lachman : "Re: Performance issues with vnet jails + epair + bridge"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Chris <bsd-lists_at_bsdforge.com>
Date: Mon, 16 Sep 2024 23:12:50 UTC

On 2024-09-16 07:32, Miroslav Lachman wrote:
> On 15/09/2024 19:56, Sad Clouds wrote:
>> On Sun, 15 Sep 2024 18:01:07 +0100
>> Doug Rabson <dfr@rabson.org> wrote:
>> 
>>> I just did a throughput test with iperf3 client on a FreeBSD 14.1 host 
>>> with
>>> an intel 10GB nic connecting to an iperf3 server running in a vnet jail on
>>> a truenas host (13.something) also with an intel 10GB nic and I get full
>>> 10GB throughput in this setup. In the past, I had to disable LRO on the
>>> truenas host for this to work properly.
>>> 
>>> Doug.
>> 
>> Hello Doug, can you please confirm that you are NOT using if_epair(4)? I
>> imagine you dedicate one of the Intel 10Gb ports to a jail. This is not
>> an option for some of us, so a virtual NIC of some sort is the only
>> option with vnet jails. Other people also mentioned that vnet by itself
>> is not an issue and your test confirms this, however I'm observing poor
>> scalability specifically with the epair virtual NIC.
>> 
>> I will be trying netgraph when I have some more time. If there are
>> other alternatives to if_epair then I would be interested to learn
>> about them.
> 
> Try ngbuddy, it will help you with configuring netgraph.
> 
> Or you can create second loopback interface, for example lo1 and put your 
> jails on
> it. I don't know what your scenario is, but I used lo1 in the past with 
> private
> IPs (10.x.x.x or 172.16.x.x) for jails not facing the outside world, just
> communicating with the host)
> 
> You can put something similar to rc.conf:
> 
> cloned_interfaces="lo1"
> # interface where all jails will bind
> ifconfig_lo1="inet 172.16.55.22 netmask 255.255.255.0"

I was going to suggest something like this as well. I often employ this with
jails. You can also facilitate exchanging traffic with the outside via pf(4)

(host) rc.conf(5):
cloned_interfaces="lo1"
pf_enable="YES"
pflog_enable="YES"

(host) pf.conf:
EXT_ADDR="192.168.1.2"
set skip on { lo0, lo1 }
nat pass on wlan0 from { lo1 } to any -> $EXT_ADDR
rdr pass on wlan0 proto tcp from any to { lo1 } -> $EXT_ADDR

Exchanging the EXT_ADDR value with your hosts NIC address. I use
the loopback interface as 120.0.0.1-N as needed.

--Chris

> 
> Then run: service netif cloneup
> 
> Kind regards
> Miroslav Lachman

-- 
sent from a device written from and running on FreeBSD