On Tue, Apr 12, 2022 at 4:01 PM Patrick M. Hausen <[email protected]> wrote:
> Hi Kristof, hi all, > > > Am 12.04.2022 um 21:48 schrieb Kristof Provost <[email protected]>: > > That PF checksum issue was fixed > c110fc49da2995d10d60d908af0838ecb4be9bee, back in 2015. > > I still have abysmal performance with pf NAT in a DigitalOcean droplet > running 13.1-RC2 unless I configure: > > ifconfig_vtnet0="-rxcsum -txcsum -rxcsum6 -txcsum6" > > I can give you SSH access, if needed. > > Kind regards, > Patrick Same for me, on 12.x RELEASEs, and I’d previously tested on Digital Ocean and Google Compute Platform infrastructure. While I don’t doubt that some issues with TCP checksums have potentially been resolved, there are still unresolved performance problems using the vtnet driver (VirtIO, KVM host) unless checksums are disabled. This might only be specific to NAT/forwarding at this point, as I realized my setup also involved PF NAT’ing on cloned loopback interfaces for non-VNET jailed services. Also note that other KVM setups using drivers other than vtnet don’t seem to have the same problem, at least based on the alternatives I tested — e.g., AWS Nitro KVM instances are unaffected as they’re using the Elastic Network Adapters. Thanks, —Matt
