On 4/11/2022 8:07 PM, Matt Garber wrote:
On Mon, Apr 11, 2022 at 7:15 PM mike tancsa <m...@sentex.net> wrote:< details about busted rxsum snipped > I opened up https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263229Unless someone knows otherwise, I’ve been under the impression that PF — or potentially any of the other FreeBSD firewalls (?), but I use PF — has been “broken” in that regard on Linux KVM-based FreeBSD guests for years. As such I’ve always needed to use csum_disable flags on the vtnet interfaces or suffer *extremely* poor network performance, even for servers not doing NAT forwarding.
For forwarding / routing it certainly under performs compared to what it can do on bare metal, but for my application I need more security/management than network speed. Plus we all have more use case experience with pf at the office. It seems to top out at around 200Mb/s with the EM nics through the VM. My use case is perhaps 5-10Mb sustained. Hypervisor is CPU: AMD EPYC Processor (2100.07-MHz K8-class CPU).
---Mike
E.g., see: https://serverfault.com/questions/817664/slow-network-fixed-adding-hw-vtnet-csum-disable-1-what-are-the-posible-side-effe https://forum.proxmox.com/threads/poor-virtio-network-performance-on-freebsd-guests.26289/ —Matt
