ftp uploads very slow – Zeroshell Linux Router

Tagged: ftp slow kvm libvirt virtio

This topic has 2 replies, 1 voice, and was last updated 3 years, 4 months ago by Filippo.

Viewing 3 posts - 1 through 3 (of 3 total)

Author

Posts
September 6, 2018 at 11:57 am #64371

Filippo
Participant

Hi,

I’ve a working ZS router since a couple of weeks.
I’ve noticed ftp uploads are very (very) slow from both pc behind ZS and ZS itself.
ftp downloads instead are fast as they should be.
I’m using passive mode for ftp transfers.

a pc linked directly to the provider’s router uploads file at more than 2600kb/s. ZS (which is itself also directly linked to provider’s routers) and pc linked to ZS internal lan upload at 200kb/s.
download speeds are almost 25Mbps from every host.

ZS has 3 eth cards:
ETH00 192.168.1.251/24: to the provider’s router
ETH02 192.168.2.251/24: to another provider’s router
ETH01 192.168.10.4/24: to the internal lan

ETH02 is configured as ‘spare’ in load balancer (failover mode)
ETH00 and ETH02 are ‘nat enabled interfaces’ while ETH01 and VPN99 are in the ‘available’ side.

QOS is disabled
VPN is disabled
there is no rule configured in firewall panel
proxy is disabled
I can’t see any error logs from dmegs

this is iptables –list
root@zeroshell ~> iptables –list
Chain INPUT (policy ACCEPT)
target prot opt source destination
SYS_GUI all — anywhere anywhere
SYS_INPUT all — anywhere anywhere
SYS_HTTPS tcp — anywhere anywhere tcp dpt:http
SYS_HTTPS tcp — anywhere anywhere tcp dpt:https
SYS_SSH tcp — anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
SYS_OUTPUT all — anywhere anywhere

Chain NetBalancer (0 references)
target prot opt source destination

Chain SYS_DNS (2 references)
target prot opt source destination
ACCEPT all — 10.0.0.0/8 anywhere
ACCEPT all — 172.16.0.0/12 anywhere
ACCEPT all — 192.168.0.0/16 anywhere
ACCEPT all — 192.168.1.0/24 anywhere
ACCEPT all — 192.168.10.0/24 anywhere
ACCEPT all — 192.168.2.0/24 anywhere
ACCEPT all — 192.168.250.0/24 anywhere
DROP all — anywhere anywhere

Chain SYS_GUI (1 references)
target prot opt source destination
ACCEPT tcp — savage.infotelsrl.local anywhere tcp dpt:12081

Chain SYS_HTTPS (2 references)
target prot opt source destination
ACCEPT all — anywhere anywhere
ACCEPT all — 10.0.0.0/8 anywhere
ACCEPT all — 172.16.0.0/12 anywhere
ACCEPT all — 192.168.0.0/16 anywhere
ACCEPT all — 192.168.1.0/24 anywhere
ACCEPT all — 192.168.10.0/24 anywhere
ACCEPT all — 192.168.2.0/24 anywhere
ACCEPT all — 192.168.250.0/24 anywhere
DROP all — anywhere anywhere

Chain SYS_INPUT (1 references)
target prot opt source destination
ACCEPT all — anywhere anywhere
ACCEPT udp — anywhere anywhere udp spt:domain state ESTABLISHED
ACCEPT tcp — anywhere anywhere tcp spt:domain state ESTABLISHED
SYS_DNS udp — anywhere anywhere udp dpt:domain
SYS_DNS tcp — anywhere anywhere tcp dpt:domain
ACCEPT tcp — anywhere anywhere tcp spt:http state ESTABLISHED
ACCEPT tcp — anywhere anywhere tcp spt:8245 state ESTABLISHED
ACCEPT udp — anywhere anywhere udp spt:ntp state ESTABLISHED
RETURN all — anywhere anywhere

Chain SYS_OUTPUT (1 references)
target prot opt source destination
ACCEPT all — anywhere anywhere
ACCEPT udp — anywhere anywhere udp dpt:domain
ACCEPT tcp — anywhere anywhere tcp dpt:http
ACCEPT tcp — anywhere anywhere tcp dpt:8245
ACCEPT udp — anywhere anywhere udp dpt:ntp
RETURN all — anywhere anywhere

Chain SYS_SSH (1 references)
target prot opt source destination
ACCEPT all — anywhere anywhere
ACCEPT all — 192.168.1.0/24 anywhere
ACCEPT all — anywhere anywhere
DROP all — anywhere anywhere
root@zeroshell ~>

this is lsmod
root@zeroshell ~> lsmod
Module Size Used by
nf_conntrack_netlink 24891 0
sch_htb 13205 0
ipt_MASQUERADE 981 2
nf_nat_masquerade_ipv4 1613 1 ipt_MASQUERADE
xt_nat 1529 2
xt_realm 871 2
bonding 95999 0
tun 16536 1
iptable_nat 1431 1
nf_nat_ipv4 4359 1 iptable_nat
xt_mark 1021 7
xt_conntrack 3001 11
xt_connmark 1621 4
iptable_mangle 1224 1
xt_ndpi 452304 0
br_netfilter 12211 0
bridge 90528 1 br_netfilter
stp 1337 1 bridge
llc 3001 2 bridge,stp
nf_nat_pptp 2010 0
nf_nat_proto_gre 1081 1 nf_nat_pptp
nf_nat_sip 7701 0
nf_nat_ftp 1540 0
nf_nat_h323 5295 0
nf_nat 10000 8 nf_nat_masquerade_ipv4,xt_nat,nf_nat_ipv4,nf_nat_pptp,nf_nat_proto_gre,nf_nat_sip,nf_nat_ftp,nf_nat_h323
nf_conntrack_tftp 3077 0
nf_conntrack_pptp 3478 1 nf_nat_pptp
nf_conntrack_proto_gre 3408 1 nf_conntrack_pptp
nf_conntrack_irc 3103 0
nf_conntrack_sip 18245 1 nf_nat_sip
nf_conntrack_ftp 5531 1 nf_nat_ftp
nf_conntrack_h323 38014 1 nf_nat_h323
dummy 2423 0
iptable_filter 1160 1
ip_tables 9458 3 iptable_nat,iptable_mangle,iptable_filter
8139too 16939 0
8139cp 16614 0
uio_pdrv_genirq 2870 0
input_leds 2382 0
mii 3635 2 8139too,8139cp
i2c_piix4 8125 0
8250_fintek 2182 0
virtio_balloon 4497 0
floppy 49758 0
ehci_pci 3087 0
virtio_pci 11574 0
ehci_hcd 34596 1 ehci_pci
uhci_hcd 19035 0
root@zeroshell ~>

root@zeroshell ~> ip route
default via 192.168.1.1 dev ETH00 realm 101
192.168.1.0/24 dev ETH00 proto kernel scope link src 192.168.1.251
192.168.2.0/24 dev ETH02 proto kernel scope link src 192.168.2.251
192.168.10.0/24 dev ETH01 proto kernel scope link src 192.168.10.4
192.168.250.0/24 dev VPN99 proto kernel scope link src 192.168.250.254
root@zeroshell ~>

root@zeroshell ~> brctl show
bridge name bridge id STP enabled interfaces
DEFAULTBR 8000.000000000000 no
root@zeroshell ~>

root@zeroshell ~> ip a
1: lo: <LOOPBACK,UP,10000> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: sit0@NONE: <NOARP> mtu 1480 qdisc noop qlen 1
link/sit 0.0.0.0 brd 0.0.0.0
3: ETH00: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 52:54:00:22:a7:b6 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.251/24 brd 192.168.1.255 scope global ETH00:00
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe22:a7b6/64 scope link
valid_lft forever preferred_lft forever
4: ETH01: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 52:54:00:47:5a:7d brd ff:ff:ff:ff:ff:ff
inet 192.168.10.4/24 brd 192.168.10.255 scope global ETH01:00
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe47:5a7d/64 scope link
valid_lft forever preferred_lft forever
5: ETH02: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 52:54:00:1b:fb:1b brd ff:ff:ff:ff:ff:ff
inet 192.168.2.251/24 brd 192.168.2.255 scope global ETH02:00
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe1b:fb1b/64 scope link
valid_lft forever preferred_lft forever
6: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noqueue qlen 1000
link/ether 1e:21:89:9e:30:69 brd ff:ff:ff:ff:ff:ff
inet 192.168.141.142/24 brd 192.168.141.255 scope global dummy0
valid_lft forever preferred_lft forever
7: dummy1: <BROADCAST,NOARP,UP,10000> mtu 1500 qdisc noqueue qlen 1000
link/ether da:a7:a8:4e:77:81 brd ff:ff:ff:ff:ff:ff
inet 192.168.142.142/32 brd 192.168.142.255 scope global dummy1
valid_lft forever preferred_lft forever
inet6 fe80::d8a7:a8ff:fe4e:7781/64 scope link
valid_lft forever preferred_lft forever
8: DEFAULTBR: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 76:c7:08:70:a4:49 brd ff:ff:ff:ff:ff:ff
9: VPN99: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 0e:b5:5d:93:2c:b7 brd ff:ff:ff:ff:ff:ff
inet 192.168.250.254/24 brd 192.168.250.255 scope global VPN99:00
valid_lft forever preferred_lft forever
10: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop qlen 1000
link/ether 56:b4:7a:e8:c6:c2 brd ff:ff:ff:ff:ff:ff
11: bond1: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop qlen 1000
link/ether b2:3f:ca:10:65:cb brd ff:ff:ff:ff:ff:ff
12: bond2: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop qlen 1000
link/ether ca:f3:65:27:c1:d0 brd ff:ff:ff:ff:ff:ff
13: bond3: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop qlen 1000
link/ether a6:f6:da:18:62:c3 brd ff:ff:ff:ff:ff:ff
14: bond4: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop qlen 1000
link/ether 8a:c3:4c:b0:78:c2 brd ff:ff:ff:ff:ff:ff
15: bond5: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop qlen 1000
link/ether 92:d7:0b:0a:90:82 brd ff:ff:ff:ff:ff:ff
16: bond6: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop qlen 1000
link/ether 9a:29:f2:5b:e1:dc brd ff:ff:ff:ff:ff:ff
17: bond7: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop qlen 1000
link/ether aa:76:70:5a:d8:17 brd ff:ff:ff:ff:ff:ff
18: bond8: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop qlen 1000
link/ether be:d6:93:fc:71:e9 brd ff:ff:ff:ff:ff:ff
19: bond9: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop qlen 1000
link/ether aa:97:69:0d:df:77 brd ff:ff:ff:ff:ff:ff
root@zeroshell ~>

can you please give any support? (answers in italian are also fine 😉 )

September 6, 2018 at 5:17 pm #64373

Filippo
Participant

I think I’ve found where the problem is. The fact that I have poor performance also from inside the ZS host make me think that the problem is inside the vm configuration.
Right now ZS is using the rtl8139 driver (kvm/libvirt) for the 3 nic. I’ve created another vm using virtio driver and attached to the provider’s router and I see no problems at all.
I’ll try changing the driver for the ZS host too and I’ll confirm here if it works.

September 8, 2018 at 9:15 am #64379

Filippo
Participant

I can confirm, after switching the vm’s network drivers to virtio, that all problems are gone.
Author

Posts

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.