* Network slowing down by masquerade
@ 2015-07-09 12:58 Glen Huang
2015-07-11 21:05 ` Pascal Hambourg
0 siblings, 1 reply; 3+ messages in thread
From: Glen Huang @ 2015-07-09 12:58 UTC (permalink / raw)
To: netfilter
I have a pptp client connection (ppp1) on a gateway. If I directly using curl --interface ppp1 to download a file, I get full download speed very quickly (2m/s). But if I route my lan host to ppp1 and -o ppp1 -j MASQUERADE, running curl to download the same file on the host starts very slow (less than 100k/s), then the speed *slowly* increases(about 50k per second), until it reach about 1.8m/s. While downloading the file on the host, the gateway's cpu usage never reach 1 from the output of top.
If I directly establish the pptp client connection on host, I quickly get full speed again.
I wonder what might slow down the network when the packets are forwarded. I'm currently guess it's the masquerade target, but I'm not sure. How do I test it? If it's masquerade, is it possible to speed it up?
I'm using iptables v1.4.21, kernel v3.18.14.
Thanks in advance.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Network slowing down by masquerade
2015-07-09 12:58 Network slowing down by masquerade Glen Huang
@ 2015-07-11 21:05 ` Pascal Hambourg
2015-07-14 12:52 ` Glen Huang
0 siblings, 1 reply; 3+ messages in thread
From: Pascal Hambourg @ 2015-07-11 21:05 UTC (permalink / raw)
To: Glen Huang; +Cc: netfilter
Glen Huang a écrit :
> I have a pptp client connection (ppp1) on a gateway. If I directly
> using curl --interface ppp1 to download a file, I get full download
> speed very quickly (2m/s).
Why do you have to use --interface ?
> But if I route my lan host to ppp1 and -o ppp1 -j MASQUERADE, running
> curl to download the same file on the host starts very slow (less than
> 100k/s), then the speed *slowly* increases(about 50k per second), until
> it reach about 1.8m/s. While downloading the file on the host, the
> gateway's cpu usage never reach 1 from the output of top.
>
> If I directly establish the pptp client connection on host, I quickly
> get full speed again.
>
> I wonder what might slow down the network when the packets are
> forwarded. I'm currently guess it's the masquerade target, but I'm not sure.
I don't think MASQUERADE is the culprit. I would suspect first MTU
issues (fragmentation, path MTU discovery).
> How do I test it?
Lower the MTU of the client host LAN interface below ~1460.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Network slowing down by masquerade
2015-07-11 21:05 ` Pascal Hambourg
@ 2015-07-14 12:52 ` Glen Huang
0 siblings, 0 replies; 3+ messages in thread
From: Glen Huang @ 2015-07-14 12:52 UTC (permalink / raw)
To: Pascal Hambourg; +Cc: netfilter
> Why do you have to use --interface ?
Because ppp1 is not the default route's output device. I'm running that command on the gateway to test the connection. Forgot to mention it, Sorry.
> I would suspect first MTU issues
It's indeed a MTU issue. After enabling MSS clamping, I get full speed on the host. Thank you so much for the help. :)
> On Jul 12, 2015, at 5:05 AM, Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
>
> Glen Huang a écrit :
>> I have a pptp client connection (ppp1) on a gateway. If I directly
>> using curl --interface ppp1 to download a file, I get full download
>> speed very quickly (2m/s).
>
> Why do you have to use --interface ?
>
>> But if I route my lan host to ppp1 and -o ppp1 -j MASQUERADE, running
>> curl to download the same file on the host starts very slow (less than
>> 100k/s), then the speed *slowly* increases(about 50k per second), until
>> it reach about 1.8m/s. While downloading the file on the host, the
>> gateway's cpu usage never reach 1 from the output of top.
>>
>> If I directly establish the pptp client connection on host, I quickly
>> get full speed again.
>>
>> I wonder what might slow down the network when the packets are
>> forwarded. I'm currently guess it's the masquerade target, but I'm not sure.
>
> I don't think MASQUERADE is the culprit. I would suspect first MTU
> issues (fragmentation, path MTU discovery).
>
>> How do I test it?
>
> Lower the MTU of the client host LAN interface below ~1460.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-07-14 12:52 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-09 12:58 Network slowing down by masquerade Glen Huang
2015-07-11 21:05 ` Pascal Hambourg
2015-07-14 12:52 ` Glen Huang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.