lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20120727183840.GE17572@p12n.org>
Date:	Fri, 27 Jul 2012 13:38:40 -0500
From:	Peter Samuelson <psamuelson@...lder.net>
To:	netdev@...r.kernel.org
Cc:	jgoerzen@...lder.net
Subject: TCP stalls with 802.3ad + bridge + kvm guest


So, we have the following network stack:

    ixgbe [10 Gbit port] -- bonding [802.3ad] -- bridge -- KVM guest

(There's also a VLAN layer, but I can reproduce this problem without
it.)  It all works, except that with some flows in the KVM guest - I
can reproduce using smbclient - transfers keep stalling, such that I'm
averaging well under 1 MB/s.  Should be more like 100 MB/s.

Oddly, this only occurs when both the 802.3ad and KVM are used:

    Server        Agg        Client         TCP stalls
    --------------------------------------------------
    external      none       KVM guest      no
    external      802.3ad    KVM host       no
    KVM host      802.3ad    KVM guest      no
    external      802.3ad    KVM guest      yes

I don't understand the stalls.  'ping -f' does not show any dropped
packets.  tcpdump seems to show a lot of retransmits (server to
client), out-of-order TCP segments (server to client), and duplicate
ACKs (client to server).

Further notes:

- OS for KVM host (and guest) is Debian stable, with kernels from
  Debian backports.  I've tried several kernels including 3.4,
  currently using 3.2.20.

- Arista 10 Gbit switch, no congestion to speak of, all the test
  traffic is local to the switch.

- I can reproduce with either 1 or 2 active ports in the LACP group.

- The host IP is bound to the bridge, not directly to bond0.

- First noticed problem with a Windows VM and SMB.  I can reproduce
  100% using smbclient, but wget (http) goes full speed.

Does any of this sound familiar?  Is it a known issue?  Can anyone
offer any hints?  I can run tcpdump on the client, the server or any
point in the KVM host network stack, in case anyone is better at
interpreting them than I am.

Thanks,
Peter
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists