Well, that would definitely cause a problem if it were the case, but...
1) TCP window size != MTU,
2) all switches and Router (but not pfSense) can both handle 9000-byte frames
anyway,
3) MTU on server and client are both standard, at 1514,
4) I can confirm no fragmentation is occurring.
Still don't know why performance is so bad, though.
-Adam
On November 6, 2014 4:58:35 PM CST, Sean <[email protected]> wrote:
>Not a TCP expert but the MTU is nearly always 1500 (or just under)
>hence
>your limit. Sending packets greater than the MTU will lead to
>fragmentation. Fragmentation leads to re-transmissions (depends on do
>not
>fragment bit?) and performance problems. Performance problems leads to
>frustration and anger. Anger leads to the dark side of the force.
>
>You can increase the MTU to like 9000 or something if you enable jumbo
>frames but you'd need to support it across the board (pfSense, routers,
>switches?, servers, etc.). It's a hassle probably not worth the effort
>in
>terms of gains. Some people do it as a means to increase iSCSI traffic
>performance but others say the throughput gain is dubious at best. I
>would
>make sure some doofus didn't enable jumbo frames on your NFS server and
>if
>so then turn it off and check the MTU setting in the network stack on
>the
>NFS server as well.
>
>I may not know what the hell i'm talking about though so someone else
>can
>feel free to jump in and tell me what an idiot I am.
>
>
>
>On Wed, Nov 5, 2014 at 6:47 PM, Adam Thompson <[email protected]>
>wrote:
>
>> Problem: really, really bad performance (<10Mbps) on both NFS (both
>tcp
>> and udp) and CIFS through pfSense.
>>
>> Proximate cause: running a packet capture on the Client shows one
>smoking
>> gun - the TCP window size on packets sent from the client is always
>~1444
>> bytes. Packets arriving from the server show a TCP window size of
>~32k.
>>
>>
>> The Network:
>> +------+
>> |Router|
>> +--+---+
>> |
>> --+----+----+--
>> | |
>> +--+---+ +-------+
>> |Client| |pfSense|
>> +------+ +--+----+
>> |
>> --+---+--
>> |
>> +--+---+
>> |Server|
>> +------+
>>
>> - Client and pfSense both have Router as default gateway.
>> - pfSense has custom outbound NAT rules preventing NAT between
>Server
>> subnet and Client subnet, but NAT'ing all other - outbound
>connections.
>> - Router has static route pointing to Server subnet via pfSense.
>>
>> Hardware:
>> Router is an OpenBSD system (a CARP cluster, actually) running on
>> silly-overpowered hardware.
>> Client is actually multiple systems, ranging from laptops to
>high-end
>> servers.
>> Server is a Xeon E3-1230v3 running Linux, exporting a filesystem
>via
>> both NFS (v2, v3 & v4) and CIFS (samba).
>> pfSense is v2.1.5 (i386) on a dual P-III 1.1GHz, CPU usage
>typically
>> peaks at around 5%.
>>
>>
>> Performance on local Server subnet (i.e. from a same-subnet client)
>is
>> very good on all protocols, nearly saturating the gigabit link.
>> Traffic outbound from the server subnet to the internet (via Router)
>moves
>> at a decent pace, this firewall can typically handle ~400Mbps without
>any
>> trouble, IIRC synthetic benchmarks previously showed it can peak at
>over
>> 800Mbps.
>>
>> Based on the FUBAR TCP window sizes I've observed, I assume pfSense
>is
>> doing something to my TCP connections... but why are only the
>non-NAT'd
>> connections affected? I know there's an option to disable pf scrub,
>but
>> that's only supposed to affect NFSv3 (AFAIK), and this also affects
>> NFSv4-over-TCP and CIFS.
>>
>> --
>> -Adam Thompson
>> [email protected]
>>
>> _______________________________________________
>> List mailing list
>> [email protected]
>> https://lists.pfsense.org/mailman/listinfo/list
>>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>List mailing list
>[email protected]
>https://lists.pfsense.org/mailman/listinfo/list
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
