惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Blog of Author Tim Ferriss
TaoSecurity Blog
TaoSecurity Blog
Apple Machine Learning Research
Apple Machine Learning Research
Hugging Face - Blog
Hugging Face - Blog
IT之家
IT之家
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
小众软件
小众软件
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
S
SegmentFault 最新的问题
T
Troy Hunt's Blog
N
News and Events Feed by Topic
雷峰网
雷峰网
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
PCI Perspectives
PCI Perspectives
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园 - 三生石上(FineUI控件)
Schneier on Security
Schneier on Security
T
The Exploit Database - CXSecurity.com
L
LINUX DO - 最新话题
V
V2EX
T
Threat Research - Cisco Blogs
人人都是产品经理
人人都是产品经理
C
Cisco Blogs
The GitHub Blog
The GitHub Blog
爱范儿
爱范儿
I
Intezer
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Recent Announcements
Recent Announcements
月光博客
月光博客
Recent Commits to openclaw:main
Recent Commits to openclaw:main
N
News | PayPal Newsroom
Cyberwarzone
Cyberwarzone
B
Blog
博客园 - 聂微东
P
Palo Alto Networks Blog
A
About on SuperTechFans
The Last Watchdog
The Last Watchdog
Scott Helme
Scott Helme
Google DeepMind News
Google DeepMind News
Webroot Blog
Webroot Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
O
OpenAI News
C
Check Point Blog
Hacker News: Ask HN
Hacker News: Ask HN
W
WeLiveSecurity
V
Vulnerabilities – Threatpost
博客园 - 【当耐特】
有赞技术团队
有赞技术团队
A
Arctic Wolf

IT Notes - kvm

IT Notes IT Notes
IT Notes
Stefano Marinelli · 2023-08-14 · via IT Notes - kvm

In the world of FreeBSD, jails are a renowned feature that allows for system-level virtualization. As I was setting up the jails for BSDCafe, I stumbled upon an interesting discovery: the network performance of VNET jails was noticeably lower compared to that of VPS or standard jails. Rather than diving into this immediately, I decided to take a mental note and proceed.

As I delved deeper with various tests, a pattern began to emerge. Anytime there was a NAT (Network Address Translation) acting between the internal bridge of the VNET jails - irrespective of whether it was local or bridged via a VPN - the outgoing performance took a nosedive.

From using tcpdump to carrying out MTU (Maximum Transmission Unit) tests, my endeavors seemed fruitless. However, a memory from the past struck me. I recalled setting up a FreeBSD VM on Proxmox (effectively pointing towards an issue with KVM) where I had to make specific tweaks.

To remedy the situation, I made the following modifications:

  1. Added the following to /boot/loader.conf:
hw.vtnet.X.csum_disable=1
hw.vtnet.lro_disable=1
  1. Integrated these lines into /etc/sysctl.conf:
net.link.bridge.pfil_member=0
net.link.bridge.pfil_bridge=0
net.link.bridge.pfil_onlyip=0
  1. And appended to /etc/rc.local (which I already use for initialization):
ifconfig vtnet0 -rxcsum

The end result was exhilarating: not only did the VNET jails now perform at full bandwidth, but even those interconnected via VPN showcased commendable performance.

Interestingly, this seems to be linked to a long-standing bug from 2012, FreeBSD Bug 165059. This issue is even highlighted in the official PFSense documentation.

In the vast landscape of tech, sometimes revisiting the past provides solutions for the present. All's well that ends well, and I'm pleased to share this resolution with my readers. For those dabbling in FreeBSD, I hope this piece offers some guidance in optimizing your VNET jail setups.