Hi All,
Not sure if this is the correct place to ask for help, but I’m trying to evaluate VyOS after good recommendations, and I don’t understand what I’m seeing. I’ve set up a test device with 25G (Intel E810, EPYC node) for evaluation, and I’m struggling with barely 1Gbps throughput and stuttering/unplayable video; streams won’t stay alive. For comparison, regular old Fedora with ancient iptables does ~6G per TCP socket, with no latency, DNS, or stuttering problems.
I’ve stripped everything back to the ‘quickstart’ settings, and I’m not sure what I’m missing.
Here’s my config - any pointers would be appreciated!
vyos@vyos# show
/* IPv4-only firewall as pasted. NOTE(review): there is no ipv6 section here although eth0 requests DHCPv6 and SLAAC addresses, so IPv6 traffic to the router itself (SSH on port 22 included) is presumably unfiltered - confirm, and add an ipv6 input filter with default-action drop if so. */
firewall {
/* NOTE(review): "firewall {" appears twice in this paste, which looks like a copy/paste artifact - compare with the output of "show configuration commands". */
firewall {
/* Software flowtable spanning the WAN (eth0) and LAN (eth1) ports. */
flowtable FT1 {
description Fastpath
interface eth0
interface eth1
offload software
}
ipv4 {
forward {
filter {
/* Routed traffic that matches no rule below is dropped. */
default-action drop
/* Hands established/related flows to flowtable FT1. NOTE(review): packets of an offloaded flow are expected to skip the remaining forward rules, so keep this match limited to established/related state as it is here. */
rule 10 {
action offload
description Fastpath
offload-target FT1
state established
state related
}
/* Return traffic arriving on the WAN port for connections that are already tracked. */
rule 20 {
action accept
inbound-interface {
name eth0
}
state established
state related
}
/* Everything arriving on the LAN port may be forwarded, in any connection state. */
rule 100 {
action accept
description "Allow LAN"
inbound-interface {
name eth1
}
}
}
}
input {
filter {
/* Traffic addressed to the router itself is dropped unless a rule below accepts it. */
default-action drop
/* Replies on the WAN port to connections that are already tracked. */
rule 10 {
action accept
inbound-interface {
name eth0
}
state established
state related
}
/* TCP/22 is evaluated by the VyOS_MGT chain defined further down. */
rule 20 {
action jump
destination {
port 22
}
jump-target VyOS_MGT
protocol tcp
}
/* Accepts new ICMP echo-request on any interface, the WAN port included; no rate limit is set on this rule. */
rule 30 {
action accept
icmp {
type-name echo-request
}
protocol icmp
state new
}
/* DNS (TCP and UDP port 53) for the LAN prefix. NOTE(review): "source 10.10.10.0/24" has no "address" keyword as pasted, and the rule is not tied to eth1 - verify against the running config. */
rule 40 {
action accept
destination {
port 53
}
protocol tcp_udp
source 10.10.10.0/24
}
}
/* NOTE(review): in this paste rules 50 and 100 sit after the brace that closes "filter" - confirm they are really part of the input filter. Rule 50 accepts any packet with a 127.0.0.0/8 source on any interface; matching "inbound-interface name lo" instead would keep it from matching a forged loopback source arriving on eth0. */
rule 50 {
action accept
source {
address 127.0.0.0/8
}
}
/* Everything arriving on the LAN port and addressed to the router is accepted. */
rule 100 {
action accept
description "Allow LAN"
inbound-interface {
name eth1
}
}
}
}
/* Chain reached from input rule 20 (TCP/22): accept from eth1, drop new connections from eth0, otherwise return to the calling chain. */
name VyOS_MGT {
default-action return
rule 15 {
action accept
inbound-interface eth1
}
rule 20 {
action drop
inbound-interface eth0
state new
}
}
/* Traffic originated by the router is not filtered. */
output {
filter {
default-action accept
}
}
}
}
interfaces {
/* WAN port: IPv4 via DHCP, IPv6 via DHCPv6 and SLAAC. NOTE(review): the firewall in this paste has IPv4 rules only, so confirm what filters IPv6 on this port. */
ethernet eth0 {
address dhcp
address dhcpv6
description WAN
dhcpv6-options {
/* NOTE(review): the delegated prefix is assigned back to eth0, the WAN port itself, with length 48 - confirm this is intended rather than a LAN-side interface. */
pd 0 {
interface eth0 {
address 1
}
length 48
}
}
/* hw-id appears to have been redacted by the poster. */
hw-id xx.xx.xx.xx.xx
ipv6 {
address {
autoconf
}
}
/* GRO, GSO, scatter-gather and TSO are all enabled on this port. */
offload {
gro
gso
sg
tso
}
}
/* LAN port: static 10.10.10.1/24, the address the DHCP, DNS and LLDP services below refer to. */
ethernet eth1 {
address 10.10.10.1/24
description LAN
hw-id xx.xx.xx.xx.xx
offload {
gro
gso
sg
tso
}
}
loopback lo {
}
}
/* Source NAT: traffic from the LAN prefix leaving through eth0 is masqueraded behind the WAN address. */
nat {
source {
rule 100 {
outbound-interface {
name eth0
}
/* Only the LAN prefix is translated; other sources leave eth0 untranslated. */
source {
address 10.10.10.0/24
}
translation {
address masquerade
}
}
}
}
service {
/* DHCP for the LAN: leases from 10.10.10.20 to 10.10.10.200, valid for 86400 seconds, with the router as default gateway. */
dhcp-server {
shared-network-name LAN {
subnet 10.10.10.0/24 {
lease 86400
option {
default-router 10.10.10.1
domain-name home.local
}
range 0 {
start 10.10.10.20
stop 10.10.10.200
}
subnet-id 1
}
}
}
dns {
/* The forwarder listens on the LAN address only and answers only the LAN prefix; upstream nameservers are taken from the DHCP lease on eth0. */
forwarding {
allow-from 10.10.10.0/24
/* NOTE(review): cache-size 0 presumably disables caching, so every lookup goes upstream - confirm this is intended while measuring DNS latency. */
cache-size 0
dhcp eth0
listen-address 10.10.10.1
}
}
/* LLDP is enabled on the LAN port only, so the router does not announce itself on eth0. */
lldp {
interface eth1 {
}
management-address 10.10.10.1
}
ntp {
server 0.ch.pool.ntp.org {
}
server 1.ch.pool.ntp.org {
}
server 2.ch.pool.ntp.org {
}
server 3.ch.pool.ntp.org {
}
}
/* SSH on port 22 with no listen-address in this paste, so the daemon presumably listens on every address, IPv4 and IPv6. NOTE(review): consider "listen-address 10.10.10.1" plus "disable-password-authentication" with key-based logins, since the firewall above filters IPv4 only. */
ssh {
port 22
}
}