Project

General

Profile

Issue #2897

Bad performance when connected to strongSwan IPv6 address

Added by James Dogopoulos over 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
kernel
Affected version:
5.7.2
Resolution:
No feedback

Description

This feels like an MTU or kernel issue again (this is CentOS with an epel kernel) but for IPv6 and probably not strongSwan related. I didn't see this raised yet here. Current server works fine with ipv4/6 when connecting to strongSwans IPv4 address after adding the iptables mangle rule to lower MTU. When clients connect to strongSwans IPv6 IP there is very poor performance. The interface MTU on the server is 1500 but the MTU is set at 1280 in sysctl. I'm not sure what the best approach is here but will try to find time to try some things and report back with a solution if I find one. If anyone has any other info that'd be great too.

[root@vpn1 jd]# sysctl -a | grep ipv6 | grep mtu
net.ipv6.conf.all.accept_ra_mtu = 1
net.ipv6.conf.all.mtu = 1280
net.ipv6.conf.default.accept_ra_mtu = 1
net.ipv6.conf.default.mtu = 1280
net.ipv6.conf.ens160.accept_ra_mtu = 1
net.ipv6.conf.ens160.mtu = 1500
net.ipv6.conf.lo.accept_ra_mtu = 1
net.ipv6.conf.lo.mtu = 65536
net.ipv6.route.mtu_expires = 600

History

#1 Updated by James Dogopoulos over 3 years ago

Well I tried the latest elrepo kernel with no change. Disabled RA mtu and tried raising the IPv6 mtus to 1350 and 1400, no change at all in performance. It initially bursts to 20-30mbit then falls and stays around 5-10mbit. I'll report back if I try or find anything else.

#2 Updated by Tobias Brunner about 3 years ago

  • Category set to kernel
  • Status changed from New to Closed
  • Resolution set to No feedback

Also available in: Atom PDF