DPI  😡

Ich lerne zunehmend, daß Provider $Dinge tun, die ich für fragwürdig halte.

Ich möchte Daten von Server A nach Server B transferieren, dies möglichst schnell und möglichst ohne großen Overhead. Aus $Gründen soll das auf L3-Ebene wie ein Netz aussehen …

# iperf3 -c 217.….….…
[…]
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec   691 MBytes   580 Mbits/sec    0             sender
[  4]   0.00-10.00  sec   691 MBytes   580 Mbits/sec                  receiver

# iperf3 -R -c 217.….….…
[…]
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  1012 MBytes   849 Mbits/sec    2             sender
[  4]   0.00-10.00  sec  1009 MBytes   847 Mbits/sec                  receiver

# iperf3 -c 100.67.244.202   # (L2TP zu 217.….….…)
Connecting to host 100.67.244.202, port 5201
[  4] local 100.66.244.202 port 58298 connected to 100.67.244.202 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec   506 KBytes  4.15 Mbits/sec    0   42.4 KBytes       
[  4]   1.00-2.00   sec   419 KBytes  3.43 Mbits/sec    0   42.4 KBytes       
[  4]   2.00-3.00   sec   332 KBytes  2.72 Mbits/sec    0   42.4 KBytes       
[  4]   3.00-4.00   sec   368 KBytes  3.01 Mbits/sec    0   42.4 KBytes       
[  4]   4.00-5.00   sec   342 KBytes  2.80 Mbits/sec    0   42.4 KBytes       
[  4]   5.00-6.00   sec   389 KBytes  3.19 Mbits/sec    0   42.4 KBytes       
[  4]   6.00-7.00   sec   328 KBytes  2.69 Mbits/sec    0   42.4 KBytes       
[  4]   7.00-8.00   sec   363 KBytes  2.98 Mbits/sec    0   42.4 KBytes       
[  4]   8.00-9.00   sec   368 KBytes  3.01 Mbits/sec    0   42.4 KBytes       
[  4]   9.00-10.00  sec   329 KBytes  2.70 Mbits/sec    0   42.4 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  3.66 MBytes  3.07 Mbits/sec    0             sender
[  4]   0.00-10.00  sec  3.60 MBytes  3.02 Mbits/sec                  receiver

# iperf3 -R -c 100.67.244.202   # (L2TP zu 217.….….…)
Connecting to host 100.67.244.202, port 5201
Reverse mode, remote host 100.67.244.202 is sending
[  4] local 100.66.244.202 port 58304 connected to 100.67.244.202 port 5201
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec   516 KBytes  4.23 Mbits/sec                  
[  4]   1.00-2.00   root@tiffany:~sec   454 KBytes  3.72 Mbits/sec                  
[  4]   2.00-3.00   sec   550 KBytes  4.51 Mbits/sec                  
[  4]   3.00-4.00   sec   448 KBytes  3.67 Mbits/sec                  
[  4]   4.00-5.00   sec   652 KBytes  5.34 Mbits/sec                  
[  4]   5.00-6.00   sec  9.70 MBytes  81.3 Mbits/sec                  
[  4]   6.00-7.00   sec  68.2 MBytes   572 Mbits/sec                  
[  4]   7.00-8.00   sec  69.1 MBytes   580 Mbits/sec                  
[  4]   8.00-9.00   sec  70.0 MBytes   587 Mbits/sec                  
[  4]   9.00-10.00  sec  69.6 MBytes   584 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec   290 MBytes   244 Mbits/sec    0             sender
[  4]   0.00-10.00  sec   290 MBytes   244 Mbits/sec                  receiver

# iperf3 -c fd80::2   # (SIT-Tunnel zu 217.….….…)
Connecting to host fd80::2, port 5201
[  4] local fd80::1 port 32906 connected to fd80::2 port 5201
[…]
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  1002 MBytes   841 Mbits/sec   10             sender
[  4]   0.00-10.00  sec  1000 MBytes   839 Mbits/sec                  receiver

# iperf3 -R -c fd80::2   # (SIT-Tunnel zu 217.….….…)
Connecting to host fd80::2, port 5201
Reverse mode, remote host fd80::2 is sending
[…]
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  1002 MBytes   841 Mbits/sec    0             sender
[  4]   0.00-10.00  sec  1001 MBytes   840 Mbits/sec                  receiver

# iperf3 -c 100.67.240.226   # (L2TP in SIT-Tunnel zu 217.….….…)100.67.244.202
Connecting to host 100.67.240.226, port 5201
[  4] local 100.66.240.226 port 40528 connected to 100.67.240.226 port 5201
[…]
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  5.70 MBytes  4.78 Mbits/sec    0             sender
[  4]   0.00-10.00  sec  5.59 MBytes  4.69 Mbits/sec                  receiver

# iperf3 -R  -c 100.67.240.226   # (L2TP in SIT-Tunnel zu 217.….….…)
Connecting to host 100.67.240.226, port 5201
Reverse mode, remote host 100.67.240.226 is sending
[  4] local 100.66.240.226 port 40532 connected to 100.67.240.226 port 5201
[ ID] Interval           Transfer     Bandwidth100.67.244.202
[  4]   0.00-1.00   sec   467 KBytes  3.82 Mbits/sec                  
[  4]   1.00-2.00   sec   732 KBytes  6.00 Mbits/sec                  
[  4]   2.00-3.00   sec   457 KBytes  3.74 Mbits/sec                  
[  4]   3.00-4.00   sec   462 KBytes  3.79 Mbits/sec                  
[  4]   4.00-5.00   sec   817 KBytes  6.70 Mbits/sec                  
[  4]   5.00-6.00   sec  29.7 MBytes   249 Mbits/sec                  
[  4]   6.00-7.00   sec  46.5 MBytes   390 Mbits/sec                  
[  4]   7.00-8.00   sec  48.2 MBytes   405 Mbits/sec                  
[  4]   8.00-9.00   sec  56.7 MBytes   476 Mbits/sec                  
[  4]   9.00-10.00  sec  64.0 MBytes   537 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec   250 MBytes   210 Mbits/sec    0             sender
[  4]   0.00-10.00  sec   250 MBytes   210 Mbits/sec                  receiver

Echt jetzt?

Direkt als auch über einen SIT-Tunnel (habe identisches mit GRE beobachtet) bekomme ich das relative GBit durch, sobald ich, nativ oder im SIT-/GRE-Tunnel L2TP nutze, shaped irgendwas meine Pakete?

Der primäre Grund für L2TP bei mir ist, daß es einerseits im Kernel realisiert ist (weniger Contextswitches) und andererseits erlaubt, eine 1500er MTU zu nutzen (durch erzwungenene Fragmentierung); PMTUD tut nicht, MSSFIX ist eine Krücke. Kurz: ich will nicht von MTU-Problemen behelligt werden&nsp;…

Diese Shaper werden ja auch ‘nur’ auf bestimmte Pattern setzen — wer sachdienliche Hinweise geben kann, nur zu ;)

One thought on “DPI  😡

  1. Pingback: Dem GAU sein kleinerer Bruder … – Freifunk Kreis GT

Comments are closed.