Poor network performances
Hi, I've been witnessing poor performances while using NetBSD 7.0/amd64 on a Gigabit network. I tried this with 2 differents NICs. Default scenario, either re(4) or alc(4): $ ifconfig re0 # relevant bits re0: flags=8843 mtu 1500 capabilities=3f00 capabilities=3f00 enabled=0 ec_capabilities=3 ec_enabled=0 address: f8:df:2f:f7:af:f2 media: Ethernet autoselect (1000baseT full-duplex) status: active [...] On the actual gigabit LAN: $ iperf3 -c coruscant -l16k Connecting to host coruscant, port 5201 [ 4] local 192.168.1.57 port 32792 connected to 192.168.1.249 port 5201 [ ID] Interval Transfer Bandwidth Retr Cwnd [ 4] 0.00-1.00 sec 6.73 MBytes 56.5 Mbits/sec0 69.3 KBytes [ 4] 1.00-2.00 sec 12.1 MBytes 102 Mbits/sec0102 KBytes [ 4] 2.00-3.00 sec 14.1 MBytes 118 Mbits/sec0136 KBytes [ 4] 3.00-4.00 sec 15.0 MBytes 126 Mbits/sec 19154 KBytes [ 4] 4.00-5.00 sec 16.4 MBytes 138 Mbits/sec0188 KBytes [ 4] 5.00-6.00 sec 16.7 MBytes 140 Mbits/sec 30187 KBytes [ 4] 6.00-7.00 sec 18.3 MBytes 153 Mbits/sec0195 KBytes [ 4] 7.00-8.00 sec 17.8 MBytes 149 Mbits/sec0195 KBytes [ 4] 8.00-9.00 sec 18.1 MBytes 152 Mbits/sec0195 KBytes [ 4] 9.00-10.00 sec 18.0 MBytes 151 Mbits/sec0195 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth Retr [ 4] 0.00-10.00 sec 153 MBytes 129 Mbits/sec 49 sender [ 4] 0.00-10.00 sec 152 MBytes 128 Mbits/sec receiver The client machine is a linux box which actually reaches Gb transfer with another linux host. Over my FO Internet connection: NetBSD: $ iperf3 -c ping.online.net [...] [ ID] Interval Transfer Bandwidth Retr [ 6] 0.00-10.01 sec 44.3 MBytes 37.1 Mbits/sec 45 sender [ 6] 0.00-10.01 sec 44.1 MBytes 37.0 Mbits/sec receiver Linux: $ iperf3 -c ping.online.net [...] [ ID] Interval Transfer Bandwidth Retr [ 4] 0.00-10.00 sec 124 MBytes 104 Mbits/sec 49 sender [ 4] 0.00-10.00 sec 121 MBytes 102 Mbits/sec receiver To be 100% honest, the Linux box is connected through a PLC while the NetBSD box is directly connected to the ISP router... I tried tweaking sysctl a bit like indicated here: https://wiki.netbsd.org/tutorials/tuning_netbsd_for_performance/ without success. Hints? Thoughts? Emile `iMil' Heitor * _ | http://imil.net| ASCII ribbon campaign ( ) | http://www.NetBSD.org | - against HTML email X | http://gcu.info| & vCards / \ !DSPAM:57ee707c128551504132269!
Re: Poor network performances
On Fri, 30 Sep 2016, Emile `iMil' Heitor wrote: I tried tweaking sysctl a bit like indicated here: https://wiki.netbsd.org/tutorials/tuning_netbsd_for_performance/ I found these values to help a lot: http://proj.sunet.se/E2E/netbsd.txt from http://proj.sunet.se/E2E/tcptune.html Emile `iMil' Heitor * _ | http://imil.net| ASCII ribbon campaign ( ) | http://www.NetBSD.org | - against HTML email X | http://gcu.info| & vCards / \ !DSPAM:57ee8907262441074220105!
bozohttpd support for SNI
Hello! Does bozohttpd in NetBSD (7 or current) support SNI (Server Name Identification) such that multiple SSL sites can be served from one HTTPS server? If not, what is NetBSD's position on the feature: is it "we're open to accepting a quality patch," or is it more "we'd rather not add the feature; it's better to just use separate server instances on separate IP addresses; we're trying to keep with bozohttpd's main feature as stated on its website which is 'the lack of features, reducing the code size and improving verifiability'"? Thanks! Lewis
Re: bozohttpd support for SNI
Personally, I'd love to have support for SNI (and multiple -Z paths per site too) - I'd use it daily. In fact, I was just bemoaning that fact yesterday, but am not best-placed to do anything about it right now (yes, I suck :() Best, Alistair On 30 September 2016 at 13:37, J. Lewis Muir wrote: > Hello! > > Does bozohttpd in NetBSD (7 or current) support SNI (Server Name > Identification) such that multiple SSL sites can be served from one > HTTPS server? If not, what is NetBSD's position on the feature: is it > "we're open to accepting a quality patch," or is it more "we'd rather > not add the feature; it's better to just use separate server instances > on separate IP addresses; we're trying to keep with bozohttpd's main > feature as stated on its website which is 'the lack of features, > reducing the code size and improving verifiability'"? > > Thanks! > > Lewis >
Re: bozohttpd support for SNI
On Fri, Sep 30, 2016 at 4:43 PM, Alistair Crooks wrote: > Personally, I'd love to have support for SNI (and multiple -Z paths > per site too) - I'd use it daily. > > In fact, I was just bemoaning that fact yesterday, but am not > best-placed to do anything about it right now (yes, I suck :() > > Best, > Alistair > > On 30 September 2016 at 13:37, J. Lewis Muir wrote: > > Hello! > > > > Does bozohttpd in NetBSD (7 or current) support SNI (Server Name > > Identification) such that multiple SSL sites can be served from one > > HTTPS server? If not, what is NetBSD's position on the feature: is it > > "we're open to accepting a quality patch," or is it more "we'd rather > > not add the feature; it's better to just use separate server instances > > on separate IP addresses; we're trying to keep with bozohttpd's main > > feature as stated on its website which is 'the lack of features, > > reducing the code size and improving verifiability'"? > > > > Thanks! > > > > Lewis > > > bozo is growing features pretty quickly as netbsd keeps trying to use it to do actual stuff(tm). :)
Re: bozohttpd support for SNI
On Fri, Sep 30, 2016 at 04:45:10PM -0400, matthew sporleder wrote: > > bozo is growing features pretty quickly as netbsd keeps trying to use it to > do actual stuff(tm). :) I'd prefer to see a lot of the complex functionality in bozo split out into helper programs. This feature, in particular, along with the rest of bozo's SSL handling, could go in something like pound -- except that pound is GPL. The helper could communicate with bozo on an AF_UNIX socket. Experience from a past life tells me such a program would take about two days to write, would leave me owing dyoung about six dinners for debugging, and would be about 1500 lines long. -- Thor Lancelot Simont...@panix.com "The dirtiest word in art is the C-word. I can't even say 'craft' without feeling dirty."-Chuck Close