Strange speed problems with ipv6 forwarding

Andras Toth diosbejgli at gmail.com
Tue Oct 6 16:34:15 CEST 2015


Hi Frank,

Are you sure the traffic does not go out to the internet or take an
unexpected path? Check ping and traceroute to ensure the path is
expected and round-trip times are low (as you'd expect on a LAN).
Verify traceroute in both directions.

Another idea, perhaps something is misconfigured and the firewall
thinks that A and B hosts are on the same subnet and it sends out an
ICMPv6 Redirect packet for each packet transiting the firewall to
signal the source of a better/direct path. Generating these packets
might be CPU-intensive for the firewall and slow down the transfer.

Additionally, perform a packet capture when doing an IPv4 and IPv6
transfer and compare the two. Search for differences, look for TCP
window size values, window scaling values, they might be entirely
different in v4 and v6. Check also if there are some related packets
such as some ICMP errors or maybe some retransmits or duplicate ACKs
which you may see with v6 and not with v4.

Also, run top or atop or htop on the firewall to see the CPU usage and
compare the usage during IPv4 and IPv6 transfers to see if it's
significantly different, perhaps IPv6 uses more CPU cycles and you can
identify with top what process or task requires more CPU to have a
better understanding and fix it.

Best regards,
Andras


On Wed, Oct 7, 2015 at 1:07 AM, Frank Steiner
<fsteiner-mail1 at bio.ifi.lmu.de> wrote:
> Hi all,
>
> I've encountered a strange speed problem with ipv6 forwarding. We are using a routing firewall running SLES 11 sp3 at our chair. It has two 10GB network cards with 10G uplinks. We have a subnet behind the firewall and one in front of it and the firewall is configured to forward all traffic between the networks (and has ips from the network on the according devices of course). All hosts/networks have public ipv4 and public ipv6 IPs.
>
> Now I'm at  host A behind the firewall and copy a file from host B outside the firewall. Works with ~ 112MB/s (the hosts have 1 GB uplinks) when I explicitely use the ipv4 address of B in the scp/wget or whatever. When I use the ipv6 address of B (which is the default when I use the host name), the transfer rate drops to ~ 1 MB/s.
>
> When copying from A to B via ipv6 adresses I get ~ 15 MB/s.
>
> But (let's assume the firewall ist host F) when I copy from A to F, F to A, B to F, F to B, always using ipv6 addresses, I always get the full transfer speed of ~ 112 MB/s.
>
> Thus, both directions from and to the firewall from both subnets are working at full speed when using ipv6 adresses. Only the forwarding through the firewall is slow with ipv6 adresses, while it's fast with ipv4.
>
> I've no idea where to start looking. I flushed all ip6tables rules with no change, /proc/sys/net/ipv6/conf/all/forwarding is "1", default route is set for ipv4 and ipv6.
>
> Any ideas what could be wrong with my setup?
>
> cu,
> Frank
>
> --
> Dipl.-Inform. Frank Steiner   Web:  http://www.bio.ifi.lmu.de/~steiner/
> Lehrstuhl f. Bioinformatik    Mail: http://www.bio.ifi.lmu.de/~steiner/m/
> LMU, Amalienstr. 17           Phone: +49 89 2180-4049
> 80333 Muenchen, Germany       Fax:   +49 89 2180-99-4049
> * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *



More information about the ipv6-ops mailing list