[Bug 277718] Really bad throughput of pf NAT over vtnet(4) with rx/txcsum enabled

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277718

            Bug ID: 277718
           Summary: Really bad throughput of pf NAT over vtnet(4) with
                    rx/txcsum enabled
           Product: Base System
           Version: 14.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: b...@freebsd.org
          Reporter: p...@hausen.com

Hi Kristof,

I still owe you a proper bug ticket for the issue we shortly talked about in
Coimbra. During the winter holidays when I planned to work on "open source
things" I fell ill with covid - so that was that.

Anyway, the issue is still quite easily reproducible in 14.0-p5.

I have this virtual machine at Vultr located in New Jersey that I use as a
wireguard (kernel module as standard in releng/14) endpoint for obvious
reasons. The uplink has a single public IPv4 and a single public IPv6 address
so I use tunnel networks for both protocols and NAT both outbound to the
interface address.

Wireguard config:
----
[Interface]
Address = 192.168.254.1/24,2003:a:d59:3840::1/64
PrivateKey = ***
ListenPort = 51820

# PMH
[Peer]
PublicKey = ***
AllowedIPs = 192.168.254.2/32,2003:a:d59:3840::2/128
----

The client (Mac OS) has 0.0.0.0/0 and ::/0 in its AllowedIPs routing the entire
traffic through the tunnel.

For IPv4 I use an RFC 1918 network, obviously. For IPv6 I use a GUA /64 from my
allocation at home, because ULA are essentially useless the way current desktop
OSes treat them.

pf NAT config:
----
nat on vtnet0 from 192.168.254.0/24 to any -> 140.82.8.233
nat on vtnet0 from 2003:a:d59:3840::/64 to any ->
2001:19f0:5:2634:5400:3ff:fefa:33f9

pass all no state
----

I am currently sitting behind a local 100 Mbit/s symmetrical uplink. Using
Ookla Speedtest I get:

Local connection without VPN enabled: 90/90 Mbit/s
VPN connection with vtnet0 -rxcsum -txcsum -rxcsum6 -txcsum6: 80/80-ish Mbit/s,
no noticeable slowdown
VPN connection with vtnet0 without -rxcsum -txcsum -rxcsum6 -txcsum6: 0.3
Mbit/s download while upload seems to be unaffected


I can give you root access to the server if required.

Kind regards,
Patrick

-- 
You are receiving this mail because:
You are the assignee for the bug.