Slow speed


#1

Anyone have any idea why we would have extremely slow download speed? We have a 2 Gb internet connection plugged into the VyOS server, basic NAT and firewall, no traffic shaping, a 100Mb connection to my test machine. I am only pulling 4Mb bown and 95Mb up through the VyOS box from the test machine but if I plug directly in to the ISP I get 97Mb down and 96Mb up which is what I expect over 100Mb. VyOS hardware id 2 quad core 3.16GHz processors with 32GB ram.

Nic: Intel X520-DA2 Dual 10Gb (eth2 and eth3)

Version: VyOS 1.1.7
Description: VyOS 1.1.7 (helium)
Copyright: 2016 VyOS maintainers and contributors
Built by: maintainers@vyos.net
Built on: Wed Feb 17 09:57:31 UTC 2016
Build ID: 1602170957-4459750
System type: x86 64-bit
Boot via: image
HW model: ProLiant DL360 G5
HW S/N:
HW UUID: Not Settable

firewall {
all-ping enable
broadcast-ping disable
config-trap disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name OUTSIDE-IN {
default-action drop
rule 10 {
action accept
state {
established enable
related enable
}
}
}
name OUTSIDE-LOCAL {
default-action drop
rule 10 {
action accept
state {
established enable
related enable
}
}
rule 20 {
action accept
icmp {
type-name echo-request
}
protocol icmp
state {
new enable
}
}
}
name INSIDE {
default-action accept
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
twa-hazards-protection disable
}
interfaces {
ethernet eth0 {
duplex auto
hw-id 00:22:64:9a:f5:44
smp_affinity auto
speed auto
}
ethernet eth1 {
duplex auto
hw-id 00:22:64:9a:f5:42
smp_affinity auto
speed auto
}
ethernet eth2 {
description INSIDE
duplex auto
hw-id 00:1b:21:82:c2:f8
smp_affinity auto
speed auto
vif 703 {
address 192.168.104.1/24
description Test
firewall {
in {
name test
}
}
}
}
ethernet eth3 {
description OUTSIDE
duplex auto
hw-id 00:1b:21:82:c2:f9
smp_affinity auto
speed auto
vif 804 {
address 69.x.x.2/24
description “Telecom Outside”
firewall {
in {
name OUTSIDE-IN
}
local {
name OUTSIDE-LOCAL
}
}
}
}
loopback lo {
}
}
nat {
source {
rule 100 {
outbound-interface eth3.804
source {
address 192.168.104.0/24
}
translation {
address masquerade
}
}
}
}
protocols {
static {
}
}
service {
dhcp-server {
disabled false
shared-network-name LAN {
authoritative disable
subnet 192.168.104.0/24 {
default-router 192.168.104.1
dns-server 8.8.8.8
dns-server 8.8.4.4
domain-name test-network
lease 86400
start 192.168.104.9 {
stop 192.168.104.254
}
}
}
}
ssh {
port 22
}
}
system {
config-management {
commit-revisions 20
}
console {
device ttyS0 {
speed 9600
}
}
domain-name netviscom.com
gateway-address 69.x.x.1
host-name router1
login {
user vyos {
authentication {
encrypted-password
plaintext-password “”
}
level admin
}
}
name-server 64.22.253.132
name-server 8.8.4.4
ntp {
server 0.pool.ntp.org {
}
server 1.pool.ntp.org {
}
server 2.pool.ntp.org {
}
}
package {
auto-sync 1
repository community {
components main
distribution helium
password “”
url http://packages.vyos.net/vyos
username “”
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone US/Central
}


#2

Can you run the following on your vyos machine and show me the output:

show interfaces ethernet eth2 physical

show interfaces ethernet eth3 physical


#3

vyos@router1:~$ show interfaces ethernet eth2 physical
Settings for eth2:
Supported ports: [ FIBRE ]
Supported link modes: 10000baseT/Full
Supports auto-negotiation: No
Advertised link modes: 10000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: No
Speed: 10000Mb/s
Duplex: Full
Port: FIBRE
PHYAD: 0
Transceiver: external
Auto-negotiation: off
Supports Wake-on: d
Wake-on: d
Current message level: 0x00000007 (7)
Link detected: yes
driver: ixgbe
version: 3.15.1-k
firmware-version: 0x18f60001
bus-info: 0000:13:00.0
vyos@router1:~$ show interfaces ethernet eth3 physical
Settings for eth3:
Supported ports: [ FIBRE ]
Supported link modes: 10000baseT/Full
Supports auto-negotiation: No
Advertised link modes: 10000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: No
Speed: 10000Mb/s
Duplex: Full
Port: FIBRE
PHYAD: 0
Transceiver: external
Auto-negotiation: off
Supports Wake-on: d
Wake-on: d
Current message level: 0x00000007 (7)
Link detected: yes
driver: ixgbe
version: 3.15.1-k
firmware-version: 0x18f60001
bus-info: 0000:13:00.1

We also change the NAT type from masquerade to translation
vyos@router1# sho nat
source {
rule 100 {
outbound-interface eth3.804
source {
address 192.168.104.0/24
}
translation {
address 69.55.159.2
}
}
}


#4

I’m also running into a similar problem. Not sure if I should put it here or in a separate thread.
Important details:
running build from 09 May 2017
WAN interface is getting great throughput ( getting full expected throughput of 250Mbps/25Mbps)
Inside LAN interfaces seem to be getting decent throughput (inside LAN is mix of 1GbE and SFP+. SFP+ -> SFP+ from router to another server is over 1Gbps)
LAN -> WAN seems to work well also as iperf3 shows ~25Mbps upload
WAN -> LAN seems to be where the trouble is located. Only pulling in around 1Mbps-2Mbps. PPS is low (like less than 1k)

Nat output and physical devices:

[code]# show nat
source {
rule 100 {
outbound-interface bond0
source {
address 192.168.0.0/18
}
translation {
address masquerade
}
}
rule 110 {
description “NAT Reflection: INSIDE”
destination {
address 192.168.0.0/18
}
outbound-interface bond0
source {
address 192.168.0.0/18
}
translation {
address masquerade
}
}
}

run show interfaces ethernet eth0 physical

Settings for eth0:
Supported ports: [ TP MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: Symmetric Receive-only
Advertised auto-negotiation: Yes
Link partner advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Link partner advertised pause frame use: No
Link partner advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: MII
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: pumbg
Wake-on: g
Current message level: 0x00000033 (51)
drv probe ifdown ifup
Link detected: yes
driver: r8169
version: 2.3LK-NAPI
firmware-version: rtl8168g-2_0.0.1 02/06/13
bus-info: 0000:05:00.0
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: yes
supports-priv-flags: no

run show interfaces ethernet eth1 physical

Settings for eth1:
Supported ports: [ FIBRE ]
Supported link modes: 10000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: No
Advertised link modes: 10000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: No
Speed: 10000Mb/s
Duplex: Full
Port: FIBRE
PHYAD: 0
Transceiver: external
Auto-negotiation: off
Supports Wake-on: d
Wake-on: d
Current message level: 0x00000007 (7)
drv probe link
Link detected: yes
driver: ixgbe
version: 4.2.1-k
firmware-version: 0x2b2c0001
bus-info: 0000:09:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: no[/code]

iperf is showing retrans and the bond0 (WAN interface) shows some drops, though at 112, I suspect it’s likely invalid packets. Thoughts?
Oh, yeah, forgot to mention hardware:
Ryzen 7 8-core 16-thread CPU @ 3.2GHz
16GB 2133MHz Corsair Dominator RAM
500GB Samsung EVO SSD
Intel x520-DA2


#5

I will suspect realtek network card @khrystoph


#6

Thanks for the reply Syncer. I don’t think the realtek card would cause 2Mbps download though. I swapped over to other cards (intel 82599 and intel gigabit cards) and none of them worked faster than about 2-4Mbps. I ended up switching over to pfsense and I figured out that there was a kernel tunable I hadn’t set (as I was having the same issues on pfsense) and once I fixed that, it seems that regardless of the card that I use, I get the full speeds now.

I’ll have to come back to playing with VyOS later as I needed to get my home network back up and running before next week so that I could do work from home next Friday. Anyway, I resolved my issues for now.


#7

Glad that you solved your issue


#8

What was the required kernel setting ?