[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: XSA-332 kernel patch - huge network performance on pfSense VMs

  • To: Samuel Verschelde <samuel.verschelde@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Mon, 18 Jan 2021 11:03:40 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zXQVh/+P7achXbUrYztTV+Fz6RuD2/1ZnsJT3QbJkfo=; b=PD0paIQy1bv0qP5anc/Ix7+UA1tfgbxWlV87vD8AHxB9Gyh0/GVxT8qUMSpSUmsJ3wofpS8Zk0CX44sHiLQm+87cr1TtZlGNBACLSgi5wZz4kNFZOosFZVB96m2FmjWoUuASpFUn5POjqhAnDpUba1EYDH40Q4Ov6+l0bTsl7OEJNMIzTa02c0S1nHQwNDhGXB67C8HoZDLEBqtuaYMomJhkX67sVU3WbFyVTSH7G6l7LgVeuOQsK15sI2BY5IHQxnZg1ouzw2bMIKc9ge+YFBeVS3suuhswUBYV+42sLdoSmaTpYsh+6xVfvcJXnLmZ97imNQsQnCgKfjhdXp2sZg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SwJDJxRur0VUb4rqNQEO7elgsTwaFoiE2AkJHvk5pClb6SMPEFRjC+XjB0N5DpGVj049tuxbQtHEquPOh+Gs2tJFADKgxli2hqNBaSHtlqXtDtVmPWKcQMIiL/XBZ3cbqTrsmOhDm3+4NN9xIt/ybMRZtloazEgLmIBSythOQfQ8hc/ULeBT70/FSbCWo7cNkps11cjFiSQYxk9WPTqhTnjDq7DniLohCdT6snErK1TT9eswWXhAE7rx/X3e0n80s4xZoZerTDevHG9WSX6lNYOZTZXS6n2M/DC3tn+P/JXMF/IwkQiQ3wtLglGmCbFbigCExoV4BlTy3UmPh7Gk8Q==
  • Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 18 Jan 2021 10:04:01 +0000
  • Ironport-sdr: aMsntsslgttitjw72dumelPBqrBsIkaijgZunTSauXyhFFjSZcfDnZ4F0pKrc72zK4hofU+MA4 /uyq8t1GvSZC1gSVMRyVQEN84f+vPU/lJLrpAO75nNR76fRgs3CxU8g7Cekn4XETeZJNaDJTlt 6QoGusXAKhI7IGRLq57FXa2N4JzDhwcm4hNFWVhZc9roTXK0zs9nI9e5GWUdZ5Ps5ucDe2jb02 3h+EviL3chjU3s179I248P8mtZ0iocrVwWP4LncJNMo3ITpEh81Z/3hde17btG9XqX54UKoAIq Mu8=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri, Jan 15, 2021 at 03:03:26PM +0000, Samuel Verschelde wrote:
> Hi list,
> Another "popular" thread on XCP-ng forum [1], started in october 2020,
> allowed us to detect that patch 12 from the XSA-332 advisory [2] had a very
> significant impact on network performance in the case of pfSense VMs.
> We reproduced the issue internally (well, we reproduced "something". The
> user setups in this thread are diverse) and our findings seem to confirm
> what the users reported. Running iperf3 from the pfSense VM to a debian VM
> gives results around 5 times slower than before. Reverting this single patch
> brings the performance back. On the debian to pfSense direction, the drop is
> about 25%.

pfSense is based on FreeBSD, so I would bet that whatever performance
degradation you are seeing would also happen with plain FreeBSD. I
would assume netfront in FreeBSD is triggering the ratelimit on Linux,
and hence it gets throttled.

Do you think you have the bandwidth to look into the FreeBSD side and
try to provide a fix? I'm happy to review and commit in upstream
FreeBSD, but would be nice to have someone else also in the loop as
ATM I'm the only one doing FreeBSD/Xen development AFAIK.

Thanks, Roger.



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.