Hi Frank, Are you sure the traffic does not go out to the internet or take an unexpected path? Check ping and traceroute to ensure the path is expected and round-trip times are low (as you'd expect on a LAN). Verify traceroute in both directions.
Another idea, perhaps something is misconfigured and the firewall thinks that A and B hosts are on the same subnet and it sends out an ICMPv6 Redirect packet for each packet transiting the firewall to signal the source of a better/direct path. Generating these packets might be CPU-intensive for the firewall and slow down the transfer. Additionally, perform a packet capture when doing an IPv4 and IPv6 transfer and compare the two. Search for differences, look for TCP window size values, window scaling values, they might be entirely different in v4 and v6. Check also if there are some related packets such as some ICMP errors or maybe some retransmits or duplicate ACKs which you may see with v6 and not with v4. Also, run top or atop or htop on the firewall to see the CPU usage and compare the usage during IPv4 and IPv6 transfers to see if it's significantly different, perhaps IPv6 uses more CPU cycles and you can identify with top what process or task requires more CPU to have a better understanding and fix it. Best regards, Andras On Wed, Oct 7, 2015 at 1:07 AM, Frank Steiner <[email protected]> wrote: > Hi all, > > I've encountered a strange speed problem with ipv6 forwarding. We are using a > routing firewall running SLES 11 sp3 at our chair. It has two 10GB network > cards with 10G uplinks. We have a subnet behind the firewall and one in front > of it and the firewall is configured to forward all traffic between the > networks (and has ips from the network on the according devices of course). > All hosts/networks have public ipv4 and public ipv6 IPs. > > Now I'm at host A behind the firewall and copy a file from host B outside > the firewall. Works with ~ 112MB/s (the hosts have 1 GB uplinks) when I > explicitely use the ipv4 address of B in the scp/wget or whatever. When I use > the ipv6 address of B (which is the default when I use the host name), the > transfer rate drops to ~ 1 MB/s. > > When copying from A to B via ipv6 adresses I get ~ 15 MB/s. > > But (let's assume the firewall ist host F) when I copy from A to F, F to A, B > to F, F to B, always using ipv6 addresses, I always get the full transfer > speed of ~ 112 MB/s. > > Thus, both directions from and to the firewall from both subnets are working > at full speed when using ipv6 adresses. Only the forwarding through the > firewall is slow with ipv6 adresses, while it's fast with ipv4. > > I've no idea where to start looking. I flushed all ip6tables rules with no > change, /proc/sys/net/ipv6/conf/all/forwarding is "1", default route is set > for ipv4 and ipv6. > > Any ideas what could be wrong with my setup? > > cu, > Frank > > -- > Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ > Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ > LMU, Amalienstr. 17 Phone: +49 89 2180-4049 > 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 > * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
