Date:	Sat, 29 Dec 2012 13:24:52 +0400
From:	Andrew Vagin <avagin@...allels.com>
To:	<netdev@...r.kernel.org>
CC:	<vvs@...allels.com>
Subject: Slow speed of tcp connections in a network namespace

We found a few nodes where the network works slowly in containers.

For testing speed of TCP connections we use wget, which downloads iso
images from the internet.

wget in the new netns reports only 1.5 MB/s, but wget in the root netns
reports 33MB/s.

A few facts:
 * Experiments show that window size for CT traffic does not increase
   up to ~900, however for host traffic window size increases up to ~14000
 * packets are shuffled in the netns sometimes.
 * tso/gro/gso changes on interfaces do not help
 * issue was _NOT_ reproduced if kernel booted with maxcpus=1 or bnx2.disable_msi=1

I reduced steps to reproduce:
* Create a new network namespace "test" and a veth pair.
  # ip netns add test
  # ip link add name veth0 type veth peer name veth1

* Move veth1 into the netns test
  # ip link set veth1 netns test

* Set ip address on veth1 and proper routing rules are added for this ip
  in the root netns.
  # ip link set up dev veth0;  ip link set up dev veth0
  # ip netns exec test ip a add REMOTE dev veth1
  # ip netns exec test ip r a default via veth1
  # ip r a REMOTE/32 via dev veth0

Tcpdumps for both cases are attached to this message.
tcpdump.host - wget in the root netns
tcpdump.netns.host - tcpdump for the host device, wget in the new netns
tcpdump.netns.veth - tcpdump for the veth1 device, wget in the new netns

3.8-rc1 is used for experiments.

Do you have any ideas where the problem is?

Download attachment "tcpdump.host.gz" of type "application/x-gzip" (168126 bytes)

Download attachment "tcpdump.netns.veth.gz" of type "application/x-gzip" (178809 bytes)

Download attachment "tcpdump.netns.host.gz" of type "application/x-gzip" (178424 bytes)
