[updated with new ifconfs/iperf] config. causing 300Mbps drop in lan performance
-
What change did you make to remove the promiscuous flag from left em3?
Since that seems to have had the opposite effect what happens if you enable promiscuous mode on both em3 NICs?
Steve
Here is what I've done. Removed all interfaces (sans WAN interface, I need this to vpn into my boxes). Removed all VLAN interfaces. and Removed all CARP VIPs on all interfaces. I noticed that simply adding CARP VIPs forces all respective interfaces into promiscuous mode. Then I went and reconfigured everything.
-
Enabling any sort of virtual interface on a physical one necessitates promiscuous mode as it has to respond to more than one MAC address.
I have no idea why that would speed up the throughput though. Anyone else? :-\
Steve
-
Enabling any sort of virtual interface on a physical one necessitates promiscuous mode as it has to respond to more than one MAC address.
I have no idea why that would speed up the throughput though. Anyone else? :-\
Steve
Thanks for the help! I have posted my most recent ifconfigs and tests. Also, I also committed one of my boxes to the most recent 2.1 build to see if any difference would be made. The version difference now adds another variable to the mix but I had no more ideas…
Anybody?
-
Correct me if I am wrong, but as I understand it, VLAN tagging occurs when packets leave an interface. Therefore, my results can be interpreted in the following way:
First, FreeBSD 8.3 em drivers tag packets "faster" than 8.1 drivers. This can be seen by observing the performance difference between vlan tagging on traffic originating from a 2.1 and a 2.0.3 box (see my first post). Path #1 reveals a performance metric slightly higher than Path #2. Path #1 traffic is originating from a pfSense 2.1 box, Path #2 traffic is originating from a pfSense 2.0.3 box. I would imagine that if I updated my "left" box to 2.1, that I would obtain slightly higher throughput.
Second, I performed another test by disabling all VLANs on the "right" box and simply untagged its LAN switch port to VLAN 10 (Management). Simply, ALL VLAN TAGGING IS DISABLED on the "right" box. Here are the results:
Path #1
Path #2
Notice that when a box is not tagging VLANS, the outbound performance shoots up again! This tells me a few things:
First, my switch isn't the problem. As these packets are having to be tagged before approaching the "left" box, or untagged when approaching the "right" box. My switch is handling the tagging/untagging just fine. Second, this further supports my first interpretation that VLAN tagging on pfSense is what is causing the performance degradation.
Now, is this simply a limitation to my pfSense hardware? My hardware is already "overkill" by most pfSense standards. I like to look "ahead" when making hardware purchases. So this was intentional. However, is it safe to put this to rest and call it a hardware limitation or is there something I am overlooking. Some configuration problem that is causing the performance degradation?
-
To test your tagging theory you should have disabled the VLANs on the left box. As is stands the results above are the same as with VLAN tagging on the box, left-to-right 700Mb and right-to-left 900Mb.
Also I'm pretty sure both boxes were running 2.0.3 when I last looked at this thread, did you upgrade one? Try upgrading both. The newer drivers in 8.3 might well be making better use of the hardware features of the NIC.
Steve
-
To test your tagging theory you should have disabled the VLANs on the left box. As is stands the results above are the same as with VLAN tagging on the box, left-to-right 700Mb and right-to-left 900Mb.
Also I'm pretty sure both boxes were running 2.0.3 when I last looked at this thread, did you upgrade one? Try upgrading both. The newer drivers in 8.3 might well be making better use of the hardware features of the NIC.
Steve
You are correct, but notice that in the original post, the "right-to-left" test was performed from a 2.1 box. The speeds are clearly slower than usual. However, upon disabling VLANS on the right box, "right-to-left" performance jumped back up to 900+ Mbps (which is about as fast as you'll ever see gigabit flow). My left box is acting as my production box at the moment. Although they will both be configured for CARP soon, I will have to get my "right" box assuming the production roles before attempting such a test. I might take down the VLANS on the production box tonight and run tests.
Simply, the "right-to-left" vs "left-to-right" difference seen in my original post is simply attributed to more efficient driver support in 8.3 (as opposed to 8.1).
What I would be very curious in seeing other people's iperf results with similar conditions. Basically, running the client behind an interface that is tagging multiple VLANs.
-
Update: I decided to figure out which of the two OEM cards I am tagging on.
I simple command revealed the following:
$ pciconf -lv em0@pci0:1:0:0: class=0x020000 card=0x135e8086 chip=0x105e8086 rev=0x06 hdr=0x00 class = network subclass = ethernet em1@pci0:1:0:1: class=0x020000 card=0x135e8086 chip=0x105e8086 rev=0x06 hdr=0x00 class = network subclass = ethernet em2@pci0:0:25:0: class=0x020000 card=0x202d8086 chip=0x15028086 rev=0x05 hdr=0x00 class = network subclass = ethernet em3@pci0:3:0:0: class=0x020000 card=0x202d8086 chip=0x10d38086 rev=0x00 hdr=0x00 class = network subclass = ethernetI know that the em0/1 cards are identical (hence the same chip value 0x[DevID][VendorID]) A simple search of the list of retail cards http://www.intel.com/support/network/sb/cs-012904.htm reveals that it is indeed a Intel Pro/1000 PT dual card. As expected.
The manual isn't very clear which of the two board NICs is the 82579LM or the 82574L. However, after bouncing the DeviceID and VendorID against the OEM database, I have discovered that my LAN interface is using the 82574L card and not the 82579LM card.
Here are their respective ARK sheets:
http://ark.intel.com/products/47620/Intel-82579LM-Gigabit-Ethernet-PHY
http://ark.intel.com/products/32209/Intel-82574L-Gigabit-Ethernet-ControllerSome interesting finds:
First, the 82574L Controller is also used the Pro/1000 CT Desktop retail boards.
Second, the 82579LM is also ~3 years newer.
Third, clearly I should either be using the second port on my PT board or the 82579LM. I believe I am using the "worst" of the three controllers in my boxes for my LAN interface.These boxes are about 900 miles away from my present location. I do all of my work remotely. I will be getting one of my guys on site to move some cables around in the morning and report back with new metrics.
I have both boxes connected directly through the 82579LM (this is my dedicated sync interface). Is it possible to tag and trunk vlans over a direct connection without a switch? I might give this a try as well to see how performance goes over the 8259LM (instead of having to move cables around).
Edit #1:
Okay here is the current testing setup:I am now tagging on the 8259LM card on both boxes. I have three VLANS and static IPs are assigned across the board.
VLAN 100, 200, 300
left 100: 192.168.1.1/24
left 200: 192.168.2.1/24
left 300: 192.168.3.1/24right 100: 192.168.1.2/24
right 200: 192.168.2.2/24
right 300: 192.168.3.2/24Here are the results:
Path #1:
Path #2:
Now, unless my switch is causing these issues (which is very unlikely, I have already consulted my switch manufacturers message boards), the issue has got to be the 82574L (CT Desktop card).
Edit #2:
I just did a serious hardcore test using the setup in Edit #1.
Here is what I did. Ran an iPerf across VLAN 100 from "right-to-left" for 60 seconds. While running that test, I then ran another iperf across VLAN 200 from "left-to-right". Even saturating the bandwidth both tests averaged at around 880 Mbps. That isn't bad at all! Considering packets were flying like mad.
-
Ah, that's an interesting result. :)
I will say that the 82574 was until very recently one of Intel's most popular NIC chips, used just about everywhere. I would be very surprised if it was a hardware problem. That's the chip that suffered the 'packet of death' and the reason it was so worrying was that chip is everywhere. PoD not an issue by the way. ;)Is it possible to tag and trunk vlans over a direct connection without a switch?
I take it you have discovered it is possible.
Steve
-
Ah, that's an interesting result. :)
I will say that the 82574 was until very recently one of Intel's most popular NIC chips, used just about everywhere. I would be very surprised if it was a hardware problem. That's the chip that suffered the 'packet of death' and the reason it was so worrying was that chip is everywhere. PoD not an issue by the way. ;)Is it possible to tag and trunk vlans over a direct connection without a switch?
I take it you have discovered it is possible.
Steve
Okay I can confirm that moving my LAN connection to the 82579LM (and changing the parent interface of the three VLANs) results in 915-935 Mbps speeds in both directions! Sweet! :) I had my contact move the LAN connection to the 82579LM on both boxes and I just made the configuration change. So my findings were correct. The 82574L just doesn't handle VLAN tagging as well as it could. Clearly from the ARK sheets, the 82574L controller was designed more for endpoint devices, not server hardware. However, the 82579LM is a much more capable controller.
Thanks
-
You could try disabling the hardware VLAN tagging on the 82574 and do it in software instead. I believe the command for that would be:
ifconfig em3 -VLAN_HWTAGGINGInterestingly I see that it also supports VLAN_HWFILTER which em2 does not. Perhaps the FreeBSD driver in 2.0.X attempts to use this feature and it ends up actually slowing the connection?
Stve
-
You could try disabling the hardware VLAN tagging on the 82574 and do it in software instead. I believe the command for that would be:
ifconfig em3 -VLAN_HWTAGGINGInterestingly I see that it also supports VLAN_HWFILTER which em2 does not. Perhaps the FreeBSD driver in 2.0.X attempts to use this feature and it ends up actually slowing the connection?
Stve
I'm not quite following you. Both em2 and em3 show VLAN_HWFILTER as an option
em3: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=5219b<rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwfilter,vlan_hwtso></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast>em2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=5209b<rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwfilter,vlan_hwtso></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast> -
Oops! My mistake, not sure how that happened. :-[
Steve
