Ilpo Järvinen:
> Can you try if you get better throughput between a proxy vm and an appvm
> using this kind of topology?
>
> sys-net <-> iperf-srv (proxyvm) <-> iperf-cli (appvm)
>
> I could push ~10Gbps with one flow and slightly more with more parallel
> flows between them.
Great find Ilpo! Did you have to do some iptables-trickery for this testing? I have ping working between proxy and appvm, but iperf and nc both tell me no route to host?
PROXY-VM:
$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.137.4.34 netmask 255.255.255.255 broadcast 10.255.255.255
inet6 fe80::216:3eff:fe5e:6c20 prefixlen 64 scopeid 0x20<link>
ether 00:16:3e:5e:6c:20 txqueuelen 1000 (Ethernet)
RX packets 86 bytes 6193 (6.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 162 bytes 14313 (13.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 36 bytes 2016 (1.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 2016 (1.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vif37.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.137.6.1 netmask 255.255.255.255 broadcast 0.0.0.0
inet6 fe80::fcff:ffff:feff:ffff prefixlen 64 scopeid 0x20<link>
ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet)
RX packets 91 bytes 6489 (6.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 86 bytes 7993 (7.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:bootpc
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere
ACCEPT udp -- 10.137.6.35 gateway udp dpt:domain
ACCEPT udp -- 10.137.6.35 10.137.4.254 udp dpt:domain
ACCEPT tcp -- 10.137.6.35 gateway tcp dpt:domain
ACCEPT tcp -- 10.137.6.35 10.137.4.254 tcp dpt:domain
ACCEPT icmp -- 10.137.6.35 anywhere
DROP tcp -- 10.137.6.35 10.137.255.254 tcp dpt:us-cli
ACCEPT all -- 10.137.6.35 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.137.4.1 0.0.0.0 UG 0 0 0 eth0
10.137.4.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
10.137.6.35 0.0.0.0 255.255.255.255 UH 32715 0 0 vif37.0
APP-VM:
$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.137.6.35 netmask 255.255.255.255 broadcast 10.255.255.255
inet6 fe80::216:3eff:fe5e:6c21 prefixlen 64 scopeid 0x20<link>
ether 00:16:3e:5e:6c:21 txqueuelen 1000 (Ethernet)
RX packets 86 bytes 6789 (6.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 91 bytes 7763 (7.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:bootpc
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.137.6.1 0.0.0.0 UG 0 0 0 eth0
10.137.6.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0