From: Wolfgang Walter <linux@stwm.de>
To: netdev@vger.kernel.org
Subject: Big performance loss from 3.4.63 to 3.10.13 when routing ipv4
Date: Tue, 01 Oct 2013 18:39:32 +0200 [thread overview]
Message-ID: <3244031.uQGDddGTLF@h2o.as.studentenwerk.mhn.de> (raw)
Hello,
I tried to upgrade one of our routers to 3.10.13 from 3.4.63 and I see a
dramatic performance loss. I tried 3.11.2 and it is still there.
*** Symptoms:
All network traffic over the router become slow and sluggish. If one pings the
router there is a packet loss. After about 2 minutes the traffic completely
stalls for about 1 minute. Then it works again as in the beginning to then
stall again. And so on.
This happens even with rather moderate traffic. While still routing the CPU
utilization is higher than it is with 3.4.63 but only moderately.
When it stalls no network traffic seems possible (but to loopback). If one
tries to ping from the router any target (even if it is on a interface with no
traffic at all) one gets:
ping: sendmsg: No buffer space available
As the router has about 15G free memory this probably means that an internal
table is full.
The CPU-utilization is low within that period.
I can trigger it easily when I copy about 50 big files per scp over 50
different ipsec-tunnels:
* boot router
* wait until all ipsec tunnels are established
* start copying:
H <--1G--> Router <---1G--->.......<-- >=100MBit --> Xn <---100Mbit----> Rn
So there is a ipsec tunnel between Router and Xn for all n=1 to 50. I copy
files from Rn to H. I start the copy from H, so the tcp-connections get
established from H to Rn.
The same test works just fine with 3.4.63. All cores are used but no one
reaches its limit. The router does neither drop pings nor does it have
problems pinging other targets.
I tested 3.8.13 It seems not to have this issue if I increase
net.ipv4.inet_peer_threshold
(I tried 6566400, didn't try smaller values beside the default one).
If I use the default one 3.8.13 behaves badly.
But 3.8.13 seems to have other issues. Basically: routing stalls later much
longer (up to 6 minutes or so).
*** Environment:
It's a 8 core machine (with AES-NI). It establishes a lot of ipsec-tunnels. It
uses statefull packet filtering (but no NAT). The network-cards are intel
cards (driver: igb and ixgbe). No IPv6. No ethernet flow control enabled (but
doesn't matter). No traffic shaping (that is tc). igb/ixgbe interfaces:
nothing modified with ethtool but flow control (autoneg off tx off rx off).
Any idea?
Regards,
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts
next reply other threads:[~2013-10-01 16:47 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-01 16:39 Wolfgang Walter [this message]
2013-10-01 18:57 ` Big performance loss from 3.4.63 to 3.10.13 when routing ipv4 Brian Haley
2013-10-01 19:44 ` Wolfgang Walter
2013-10-01 22:20 ` Hannes Frederic Sowa
2013-10-22 19:07 ` Wolfgang Walter
2013-10-22 19:46 ` David Miller
2013-10-23 8:12 ` Steffen Klassert
2013-10-23 11:33 ` Wolfgang Walter
2013-10-23 12:00 ` Eric Dumazet
2013-10-23 12:26 ` Steffen Klassert
2013-10-23 15:57 ` Wolfgang Walter
2013-10-23 12:04 ` Steffen Klassert
2013-10-23 16:05 ` Wolfgang Walter
[not found] ` <3169911.kTmZ0BZVVr@h2o.as.studentenwerk.mhn.de>
[not found] ` <1382547992.7572.31.camel@edumazet-glaptop.roam.corp.google.com>
2013-10-23 22:52 ` Wolfgang Walter
2013-10-25 8:01 ` Steffen Klassert
2013-10-25 8:50 ` Eric Dumazet
2013-10-25 9:20 ` Steffen Klassert
2013-10-28 4:43 ` David Miller
2013-10-28 6:17 ` Eric Dumazet
2013-10-28 11:30 ` Steffen Klassert
2013-10-25 9:33 ` Wolfgang Walter
2013-10-24 11:07 ` Wolfgang Walter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3244031.uQGDddGTLF@h2o.as.studentenwerk.mhn.de \
--to=linux@stwm.de \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).