Very slow rsync speed over IPSec VPN

, , , , ,
1

Hi All,

I am facing issues with Ipsec site-to-site VPN.

I ahem 500Mb/s of internet at both locations.
But the rsycn speeds over IPSec VPN is just 2-3MB/s that I am getting.

I have checked the over all BW utilisation (LAN and WAN), its very low.

Please help.

2

Hi, rituka

Could you please clarify what commans did you use and which options?

3

Hi,

I am using below 2 commands:

rsync -vrPtz

rsync rsync -aHAXxv --progress

4

Thanks for quick responding.

If you don’t need comparison you should try -W (it’s disabling comparison).
Also –no-compress may be useful.
And finally -S would process sparse files (if you have some)

5

using :

rsync -vrPtzWS –no-compress

Still very very bad rsync speed ( 1.82MB/s ) on a 500Mb/s link

6

Also, would be great if you disable -z

7

rsync -vrPtWS –no-compress

1.98MB/s

Still the same.

8

Could you please specify how big and multiple are those files and usage of CPU?

9

CPU usage is minimal

Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st

915563612 b file

10

Could some help on this?

Anything that I can check/configure to speed up the sync.

11

Hello, rituka!

Sorry for delay. This is very interesting case. Could you please:

  1. Chech rate limit for VPN
  2. Specify how many of files are transfering
  3. Check your rsync version
  4. Check speed of source and distanation of hard drives
  5. If nothing helps try run multiple instances of rsync for different parts of your transfer

Will be glad to hear you back

12

Did you ever check real transfer speed via IPSec tunnel ?

13

Do you experience any other problems over this ipsec link ?
I would check if you have a problem with MTU size and experiment with lower MTU’s.

On the interface you have as the ipsec interface (eth0?) set the policy to “route MSS-CLAMP” then add a policy section to experiment with the mss size.

policy {
route MSS-CLAMP {
rule 10 {
protocol tcp
set {
tcp-mss 1280
}
tcp {
flags SYN,!RST
}
}
}
}

14

Hi,

@klase :I have tried setting up MSS as well. This didn’t help either.

@pepe : Yes, the BW has been very good (46MB/s) via ipsec tunnel. Since a month this has been an issue.

15

@acrane
1.
RX: bytes packets errors dropped overrun mcast
955014427 8043771 0 0 0 0
TX: bytes packets errors dropped carrier collisions
11382766328 8791904 5 0 5 0

  1. Having issues even with a single file transfer as well. Download is fine, upload is super super slow.
  2. I am using 3.1.3-1 rsycn version. I tried iperf3 as well. Same BW.
  3. I am using NVMEs (super fast they are).
  4. Tried that, nothing happened.

Troubleshooting that I have done:

  1. Changed the MTU from 1436, 1500, 9000 - same results.
  2. Applied TCP-MSS as well.
  3. Rebooted the FW.
  4. Asked ISP to change the path for my internet - same results.

I am completely blocked here.

16

On destination side:

rituka@DC:~$ sudo netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth3 1500 0 4384893856 4 392823 0 1122466734 0 0 0 BMRU
eth5 1500 0 0 0 0 0 0 0 0 0 BMU
eth6 1500 0 1251004652 0 117 25 1907916020 0 0 0 BMRU
eth7 1500 0 58693037 0 1440046 0 79983636 0 0 0 BMRU
eth8 1500 0 158556088 0 0 0 103171835 0 0 0 BMRU
eth9 1500 0 351752048 2 252293 2502618 527263857 0 0 0 BMU
eth10 1500 0 2878319 0 1437342 0 7353 0 0 0 BMRU
eth11 1500 0 1704545861 0 8768706 0 4159749250 0 0 0 BMRU
eth12 1500 0 12546277 0 1440145 0 96599 0 0 0 BMRU
lo 65536 0 1383933 0 0 0 1383933 0 0 0 LRU
vti1 1436 0 428243134 0 0 0 458276644 319 0 0 OPRU
vti2 1436 0 25013001 0 0 0 18264965 33 0 0 OPRU
vti6 1500 0 0 0 0 0 0 79154 0 0 OPRU

17

Are you using the exact same options for both rsync calls?

18

@acrane : yes exactly the same.

19

Could you please specify: you want to backup files or synchronize them?

20

I want to upload files from one location to another over IPSec VPN. I am using Vyos at both locations.