Ilpo Järvinen:
> Can you try if you get better throughput between a proxy vm and an appvm 
> using this kind of topology?
> 
> sys-net <-> iperf-srv (proxyvm) <-> iperf-cli (appvm)
> 
> I could push ~10Gbps with one flow and slightly more with more parallel 
> flows between them.

Great find Ilpo! Did you have to do some iptables-trickery for this testing? I 
have ping working between proxy and appvm, but iperf and nc both tell me no 
route to host?

PROXY-VM:

$ ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.137.4.34  netmask 255.255.255.255  broadcast 10.255.255.255
        inet6 fe80::216:3eff:fe5e:6c20  prefixlen 64  scopeid 0x20<link>
        ether 00:16:3e:5e:6c:20  txqueuelen 1000  (Ethernet)
        RX packets 86  bytes 6193 (6.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 162  bytes 14313 (13.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 36  bytes 2016 (1.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 2016 (1.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vif37.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.137.6.1  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 fe80::fcff:ffff:feff:ffff  prefixlen 64  scopeid 0x20<link>
        ether fe:ff:ff:ff:ff:ff  txqueuelen 32  (Ethernet)
        RX packets 91  bytes 6489 (6.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 86  bytes 7993 (7.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

$ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       udp  --  anywhere             anywhere             udp dpt:bootpc
ACCEPT     all  --  anywhere             anywhere             ctstate 
RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with 
icmp-host-prohibited

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate 
RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
ACCEPT     udp  --  10.137.6.35          gateway              udp dpt:domain
ACCEPT     udp  --  10.137.6.35          10.137.4.254         udp dpt:domain
ACCEPT     tcp  --  10.137.6.35          gateway              tcp dpt:domain
ACCEPT     tcp  --  10.137.6.35          10.137.4.254         tcp dpt:domain
ACCEPT     icmp --  10.137.6.35          anywhere            
DROP       tcp  --  10.137.6.35          10.137.255.254       tcp dpt:us-cli
ACCEPT     all  --  10.137.6.35          anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.137.4.1      0.0.0.0         UG    0      0        0 eth0
10.137.4.1      0.0.0.0         255.255.255.255 UH    0      0        0 eth0
10.137.6.35     0.0.0.0         255.255.255.255 UH    32715  0        0 vif37.0


APP-VM:
$ ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.137.6.35  netmask 255.255.255.255  broadcast 10.255.255.255
        inet6 fe80::216:3eff:fe5e:6c21  prefixlen 64  scopeid 0x20<link>
        ether 00:16:3e:5e:6c:21  txqueuelen 1000  (Ethernet)
        RX packets 86  bytes 6789 (6.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 91  bytes 7763 (7.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       udp  --  anywhere             anywhere             udp dpt:bootpc
ACCEPT     all  --  anywhere             anywhere             ctstate 
RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with 
icmp-host-prohibited
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate 
RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.137.6.1      0.0.0.0         UG    0      0        0 eth0
10.137.6.1      0.0.0.0         255.255.255.255 UH    0      0        0 eth0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fbbef713-9086-465a-b8d8-cc16bd2ffed3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to