Best practice for virtualized pf based NAT router?

Trond Endrestøl Trond.Endrestol at fagskolen.gjovik.no
Tue Oct 4 11:02:47 UTC 2016 

On Tue, 4 Oct 2016 12:19+0200, Kristof Provost wrote:

> On 4 Oct 2016, at 11:39, Trond Endrestøl wrote:
> > I'm in the process of configuring a virtualized pf based NAT router.
> > The NAT router is supposed be a supplement to our pool of public IPv4
> > addresses.
> > 
> > FreeBSD is stable/11, r306639. XenServer 7.0.0, with all known
> > updates, is the virtualization environment.
> > 
> > I'm using xn0 as the external interface, and xn1 as the internal
> > interface.
> > 
> > The xn0 interface has a /30 IPv4 address and a /64 IPv6 address.
> > The xn1 interface has a /20 IPv4 address (and a /64 IPv6 address for
> > symmetry).
> > 
> > I followed ch. 29.3.3.1 of the Handbook.
> > 
> > In theory all is well, but with iftop(8) (net-mgmt/iftop) I only see a
> > throughput of merely 1 Mbit/s, yes, that's one megabit per second.
> > 
> There have been issues with pf and checksums in Xen before. I believe that the
> version you’re running has all of the relevant fixes, but it’s worth trying to
> disable TSO and other features on the network interfaces anyway.
> 
> ifconfig xn0 -rxcsum -txcsum -rxcsum6 -txcsum6 -tso6 -tso4 -lro (and the same
> for xn1).

That made all the difference. Thank you.

> If that makes a difference I’d be very interested in both network captures and
> further debugging.

I'm pretty sure you ment if your proposed changes _doesn't_ make any 
difference, but if you want network captures, etc, I'm sure I can 
arrange it.

Thank you again.

-- 
+-------------------------------+------------------------------------+
| Vennlig hilsen,               | Best regards,                      |
| Trond Endrestøl,              | Trond Endrestøl,                   |
| IT-ansvarlig,                 | System administrator,              |
| Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
| tlf. mob.   952 62 567,       | Cellular...: +47 952 62 567,       |
| sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
+-------------------------------+------------------------------------+

More information about the freebsd-questions mailing list