Bug 1282169 - tunneling ipv6 subnets over ipv4 is unusably slow
tunneling ipv6 subnets over ipv4 is unusably slow
Status: ASSIGNED
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: kernel (Show other bugs)
7.3
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Herbert Xu
xmu
:
Depends On:
Blocks: 1296180 1394638 1469551
  Show dependency treegraph
 
Reported: 2015-11-15 04:29 EST by Paul Wouters
Modified: 2017-08-08 02:32 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Paul Wouters 2015-11-15 04:29:48 EST
When using ipv6 in ipv4 for a net-to-net connection, performance downgrades severely (from like 100mbps to 200kbps)

This is with libreswan using a leftsubnet= and rightsubnet= that is ipv6 and connaddrfamily=ipv6. The eft= and right= are ipv4 addresses.

A host to host ipv6 connection between the same hosts is not affected.

Playing with mtu or crypto parameters did not seem to make a difference.
Comment 2 Herbert Xu 2015-11-25 23:51:30 EST
Paul, can you see if the patch in #1257952 helps? Thanks!
Comment 3 Tuomo Soini 2015-12-08 17:10:38 EST
I did some testing over 10Mbit internet link.

Speed with ipv4 native ipsec, 1.11MB/s, that's about link speed (10Mbit)
Speed with ipv6 native ipsec, 1.08MB/s, again very near to link speed
Speed with ipv6 in ipv4 ipsec, 128KB/s, about same as without patch.

Testing method was nothing fancy, just rsync over ssh big file. Transfer was started from scratch for each test so it should show quite realistic result.

Tests were done with 3.10.0-327.3.1.el7 + xfrm ipv6 gro fix patch, IPsec tunnels were created with libreswan 3.16rc2 and aes_gcm256-null was used.

Note You need to log in before you can comment on or make changes to this bug.