From: Glen Huang <hey.hgl@gmail.com>
To: Pascal Hambourg <pascal@plouf.fr.eu.org>
Cc: netfilter@vger.kernel.org
Subject: Re: Network slowing down by masquerade
Date: Tue, 14 Jul 2015 20:52:34 +0800 [thread overview]
Message-ID: <1E8FACB4-D45A-4564-AA7A-B7A940B91867@gmail.com> (raw)
In-Reply-To: <55A18502.6090201@plouf.fr.eu.org>
> Why do you have to use --interface ?
Because ppp1 is not the default route's output device. I'm running that command on the gateway to test the connection. Forgot to mention it, Sorry.
> I would suspect first MTU issues
It's indeed a MTU issue. After enabling MSS clamping, I get full speed on the host. Thank you so much for the help. :)
> On Jul 12, 2015, at 5:05 AM, Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
>
> Glen Huang a écrit :
>> I have a pptp client connection (ppp1) on a gateway. If I directly
>> using curl --interface ppp1 to download a file, I get full download
>> speed very quickly (2m/s).
>
> Why do you have to use --interface ?
>
>> But if I route my lan host to ppp1 and -o ppp1 -j MASQUERADE, running
>> curl to download the same file on the host starts very slow (less than
>> 100k/s), then the speed *slowly* increases(about 50k per second), until
>> it reach about 1.8m/s. While downloading the file on the host, the
>> gateway's cpu usage never reach 1 from the output of top.
>>
>> If I directly establish the pptp client connection on host, I quickly
>> get full speed again.
>>
>> I wonder what might slow down the network when the packets are
>> forwarded. I'm currently guess it's the masquerade target, but I'm not sure.
>
> I don't think MASQUERADE is the culprit. I would suspect first MTU
> issues (fragmentation, path MTU discovery).
>
>> How do I test it?
>
> Lower the MTU of the client host LAN interface below ~1460.
prev parent reply other threads:[~2015-07-14 12:52 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-09 12:58 Network slowing down by masquerade Glen Huang
2015-07-11 21:05 ` Pascal Hambourg
2015-07-14 12:52 ` Glen Huang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1E8FACB4-D45A-4564-AA7A-B7A940B91867@gmail.com \
--to=hey.hgl@gmail.com \
--cc=netfilter@vger.kernel.org \
--cc=pascal@plouf.fr.eu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.