Page 4 of 4 FirstFirst ... 234
Results 31 to 40 of 40

Thread: Is Samba read/write rate performance on Ubuntu 20.04 capped at around 11MB/s?

  1. #31
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Is Samba read/write rate performance on Ubuntu 20.04 capped at around 11MB/s?

    Quote Originally Posted by TheFu View Post
    Have you tried booting a "Try Ubuntu" from an 18.04 release? Then install iperf3 and re-run the tests. That would tell us if it is something about the 20.04 install or not. It would also point towards a hardware issue if the performance on 18.04 was bad too. Could also try a "Try Ubuntu" 20.04 boot environment to see if the install is the issue. If the "Try Ubuntu" environments provide good performance then you'll know the HW is fine.
    And?

  2. #32
    Join Date
    Oct 2005
    Location
    Lab, Slovakia
    Beans
    10,385

    Re: Is Samba read/write rate performance on Ubuntu 20.04 capped at around 11MB/s?

    What kind of ethernet switch do you have between the hosts? Try iperf with a straight wire connection, no ethernet switch.

    You should also look at the data packets with tcpdump, since that way, you will quickly see whether there is a misconfiguration, duplicate addresses, an ethernet loop, or whether someone is running a spam server or a bitcoin miner or whatever nefarious packets, over your network and clogging up the pipes.
    Last edited by HermanAB; May 26th, 2021 at 07:03 PM.

  3. #33
    Join Date
    May 2005
    Beans
    148
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Is Samba read/write rate performance on Ubuntu 20.04 capped at around 11MB/s?

    Quote Originally Posted by TheFu View Post
    ...Have you tried booting a "Try Ubuntu" from an 18.04 release? Then install iperf3 and re-run the tests. That would tell us if it is something about the 20.04 install or not. It would also point towards a hardware issue if the performance on 18.04 was bad too. Could also try a "Try Ubuntu" 20.04 boot environment to see if the install is the issue. If the "Try Ubuntu" environments provide good performance then you'll know the HW is fine.
    Wow, ok, looks to be a config issue. Can't imagine what config item it would be, but I booted up "20.04 Try Ubuntu" and sure enough full speed:
    Code:
    mike@ubuntu:~$ iperf3 -V -b 1Gbps -c 10.1.10.50
    iperf 3.7
    Linux ubuntu 5.4.0-42-generic #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020 x86_64
    Control connection MSS 1460
    Time: Wed, 26 May 2021 19:15:50 GMT
    Connecting to host 10.1.10.50, port 5201
          Cookie: 6kslwsuq5zaz2sf3zzh37rug5z4m75s2twnf
          TCP MSS: 1460 (default)
          Target Bitrate: 1000000000
    [  5] local 10.1.10.20 port 56954 connected to 10.1.10.50 port 5201
    Starting Test: protocol: TCP, 1 streams, 131072 byte blocks, omitting 0 seconds, 10 second test, tos 0
    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
    [  5]   0.00-1.00   sec   114 MBytes   956 Mbits/sec    0    218 KBytes       
    [  5]   1.00-2.00   sec   113 MBytes   949 Mbits/sec    0    218 KBytes       
    [  5]   2.00-3.00   sec   113 MBytes   949 Mbits/sec    0    218 KBytes       
    [  5]   3.00-4.00   sec   113 MBytes   949 Mbits/sec    0    218 KBytes       
    [  5]   4.00-5.00   sec   113 MBytes   950 Mbits/sec    0    218 KBytes       
    [  5]   5.00-6.00   sec   113 MBytes   949 Mbits/sec    0    218 KBytes       
    [  5]   6.00-7.00   sec   113 MBytes   949 Mbits/sec    0    218 KBytes       
    [  5]   7.00-8.00   sec   113 MBytes   949 Mbits/sec    0    218 KBytes       
    [  5]   8.00-9.00   sec   113 MBytes   950 Mbits/sec    0    218 KBytes       
    [  5]   9.00-10.00  sec   113 MBytes   949 Mbits/sec    0    218 KBytes       
    - - - - - - - - - - - - - - - - - - - - - - - - -
    Test Complete. Summary Results:
    [ ID] Interval           Transfer     Bitrate         Retr
    [  5]   0.00-10.00  sec  1.11 GBytes   950 Mbits/sec    0             sender
    [  5]   0.00-10.00  sec  1.10 GBytes   949 Mbits/sec                  receiver
    CPU Utilization: local/sender 2.7% (0.1%u/2.5%s), remote/receiver 0.0% (0.0%u/0.0%s)
    snd_tcp_congestion cubic
    
    iperf Done.
    Now comes the harder part, to find out which config item is guilty of the degradation.
    Thanks very much. I wouldn't have guessed it without your help. Besides blaming SAMBA initially for it, I was guessing maybe hardware after SAMBA.

  4. #34
    Join Date
    May 2005
    Beans
    148
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Is Samba read/write rate performance on Ubuntu 20.04 capped at around 11MB/s?

    Finally determined the cause of this network bandwidth degradation. It was caused by a large IPv4 IPTABLES rules file. The SAMBA servers aren't directly accessible by outside world anyway, so they don't need such a large rules file. They just need the basic UFW rules for only allowing access from local private network. Next step is to determine how many rules cause the degradation or what is a reasonable threshold before degradation is a serious factor. Thanks for all you help in tracking this issue down.

  5. #35
    Join Date
    Oct 2005
    Location
    Lab, Slovakia
    Beans
    10,385

    Re: Is Samba read/write rate performance on Ubuntu 20.04 capped at around 11MB/s?

    With iptables, deny everything, then allow the two or three ports that you need to have. That's it.

  6. #36
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Is Samba read/write rate performance on Ubuntu 20.04 capped at around 11MB/s?

    Quote Originally Posted by mike4ubuntu View Post
    Finally determined the cause of this network bandwidth degradation. It was caused by a large IPv4 IPTABLES rules file. The SAMBA servers aren't directly accessible by outside world anyway, so they don't need such a large rules file. They just need the basic UFW rules for only allowing access from local private network. Next step is to determine how many rules cause the degradation or what is a reasonable threshold before degradation is a serious factor. Thanks for all you help in tracking this issue down.
    Use ipset when you need lots of individual subnets blocked to create a single iptable rule. As soon as there are more than 100 rules, I switch to ipset.

  7. #37
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Is Samba read/write rate performance on Ubuntu 20.04 capped at around 11MB/s?

    $ wc -l /etc/ipset.up.rules
    6957 /etc/ipset.up.rules

    so this machine has nearly 7K rules. iperf3 running to it as a server:

    $ iperf3 -c blog44
    ...
    well, that didnt work. Guess the firewall is working? Let me open port 5201 and try again.
    Code:
    $ sudo ufw allow 5201
    Rule added
    $ iperf3 -s
    And from the client machine:
    Code:
    $ iperf3 -c blog44
    Connecting to host blog44, port 5201
    [  4] local 172.22.22.6 port 54236 connected to 172.22.22.44 port 5201
    [ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
    [  4]   0.00-1.00   sec  3.54 GBytes  30.4 Gbits/sec    0   3.09 MBytes       
    [  4]   1.00-2.00   sec  4.06 GBytes  34.9 Gbits/sec    0   3.09 MBytes       
    [  4]   2.00-3.00   sec  4.12 GBytes  35.4 Gbits/sec    0   3.09 MBytes       
    [  4]   3.00-4.00   sec  3.63 GBytes  31.2 Gbits/sec    0   3.09 MBytes       
    [  4]   4.00-5.00   sec  3.55 GBytes  30.5 Gbits/sec    0   3.09 MBytes       
    [  4]   5.00-6.00   sec  3.58 GBytes  30.7 Gbits/sec    0   3.09 MBytes       
    [  4]   6.00-7.00   sec  3.55 GBytes  30.5 Gbits/sec    0   3.09 MBytes       
    [  4]   7.00-8.00   sec  3.62 GBytes  31.1 Gbits/sec    0   3.09 MBytes       
    [  4]   8.00-9.00   sec  3.57 GBytes  30.7 Gbits/sec    0   3.09 MBytes       
    [  4]   9.00-10.00  sec  3.89 GBytes  33.4 Gbits/sec    0   3.09 MBytes       
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ ID] Interval           Transfer     Bandwidth       Retr
    [  4]   0.00-10.00  sec  37.1 GBytes  31.9 Gbits/sec    0             sender
    [  4]   0.00-10.00  sec  37.1 GBytes  31.9 Gbits/sec                  receiver
    
    iperf Done.
    Oops. That's from the same physical machine - different virtual machine. Let's try another machine on the network.
    Code:
    $ iperf3 -c blog44
    Connecting to host blog44, port 5201
    [  4] local 172.22.22.4 port 41690 connected to 172.22.22.44 port 5201
    [ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
    [  4]   0.00-1.00   sec   114 MBytes   955 Mbits/sec    0    378 KBytes       
    [  4]   1.00-2.00   sec   112 MBytes   941 Mbits/sec    0    378 KBytes       
    [  4]   2.00-3.00   sec   112 MBytes   941 Mbits/sec    0    378 KBytes       
    [  4]   3.00-4.00   sec   112 MBytes   941 Mbits/sec    0    378 KBytes       
    [  4]   4.00-5.00   sec   112 MBytes   941 Mbits/sec    0    378 KBytes       
    [  4]   5.00-6.00   sec   112 MBytes   943 Mbits/sec    0    417 KBytes       
    [  4]   6.00-7.00   sec   112 MBytes   941 Mbits/sec    0    417 KBytes       
    [  4]   7.00-8.00   sec   112 MBytes   941 Mbits/sec    0    417 KBytes       
    [  4]   8.00-9.00   sec   112 MBytes   941 Mbits/sec    0    417 KBytes       
    [  4]   9.00-10.00  sec   113 MBytes   948 Mbits/sec    0    571 KBytes       
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ ID] Interval           Transfer     Bandwidth       Retr
    [  4]   0.00-10.00  sec  1.10 GBytes   943 Mbits/sec    0             sender
    [  4]   0.00-10.00  sec  1.10 GBytes   941 Mbits/sec                  receiver
    
    iperf Done.
    940-ish Mbps. Good enough.
    109.168.161.4 is
    Here's what the single iptables rule looks like that uses ipset:
    Code:
    $ sudo iptables -L |grep count
    DROP       all  --  anywhere             anywhere             match-set countryblock src
    And to test which source IPs are being blocked, ipset has a test capability:
    Code:
    $ sudo ipset test countryblock 109.168.161.4
    109.168.161.4 is in set countryblock.
    Sorry to the good people in that netblock, but there are some nasty servers there too. All traffic from there is dropped. Period. Only for about 3 minutes, every 3 months, do I relax the blocks so that let's encrypt certs can be renewed. About 18 months ago, LE decided to require testing of access from multiple locations around the world. For a little time, I tried to figure out where those would be, but they changed and I figured for the time it took to renew, my risks were tiny. I could have switched to DNS as the domain validation method, but I've outsourced DNS and modifying it is a hassle.

    Anyways, ipset is the method you want. I read that it scales to huge lists. Just make a different "named" ipset for each rule you need.

  8. #38
    Join Date
    May 2005
    Beans
    148
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Is Samba read/write rate performance on Ubuntu 20.04 capped at around 11MB/s?

    Quote Originally Posted by TheFu View Post
    Use ipset when you need lots of individual subnets blocked to create a single iptable rule. As soon as there are more than 100 rules, I switch to ipset.
    Yeah, we use ipset for very specific sets like SPAMHAUS and some others. However, the main rule set was setup some time ago for all the different country ranges, plus many single addresses for high spam/bad repeaters detected over time. There are over a 100K rules. Overly complicated to say the least. The list needs to be paired down for sure. We initially took the approach to block certain countries and geographical regions, and then left everything open, and then creating our own black lists of single addresses that seemed to cause problems. A lot of it was automated and consequently created a large numbers of rules, because lets face, there are a lot of bad actors in the internet world that are constantly port scanning and trying to hack in to anything connected to the internet.
    Last edited by mike4ubuntu; May 29th, 2021 at 08:52 PM.

  9. #39
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Is Samba read/write rate performance on Ubuntu 20.04 capped at around 11MB/s?

    For email, I have a gateway email server that does all the blocking in/out. It doesn't actually hold any email. Just does blocking and filtering.

    Scaling the gatway up or out isn't hard. Think it is using just 384MB of RAM now. I don't block entire country subnets from email, but I do not block single IPs either. Spammers get shut down every week, so having individual IPs longer than 1 week probably isn't very useful. Perhaps having 6 months of blocks in a rotation would make sense? Just add the daily spammers into an ipset file, then add up those daily files into 25 weekly files. The scripting ain't hard for that.
    When the iptables are loaded using match-set, modifying the ipset block has immediate impact without touching the iptables at all.
    Have 26 weekly files. That would get a rolling 25-26 weeks of blocked lists - about half a year. Just shift each week the file up one number. Append new subnets/ips to the current ipset block. There are different hash types for subnet and single IPs, so once the permanent subnet blocks are known and saved, then all the others will be individual IPs?

    Of course, I don't do this myself. My spam blocks are usually around violation of SPF rules or stupid new domains like .icu, .surf or .click. I also decided to block email from anyone claiming to be from .cn or .ru or .gq domains. Other bad things in the email headers are clues for spam too - old User-Agents, bogus charsets, stuff like that. Who in the world would use Outlook Express today? Nobody except spammers.

    Of all the rules, I feel the worse about 1 clothing vendor who I like, but they just won't stop spamming. They make great, thick, t-shirts. Very comfortable, but I've been unable to get their spam to stop. 9 spam message since May 24. 27 the week before that. These are just to me. I only keep 4 weeks of mail logs. In a larger business, perhaps 4-6 months of logs would be desired?

  10. #40
    Join Date
    Oct 2005
    Location
    Lab, Slovakia
    Beans
    10,385

    Re: Is Samba read/write rate performance on Ubuntu 20.04 capped at around 11MB/s?

    IMHO if you need hundreds of iptables rules, then you are doing it wrong.

    Regarding Email Spam, years ago I noticed that the faster my server, the more spam I get. I then added a 1 second delay into my postfix server, which made it react like a very lame and overloaded machine. It caused spam to drop to next to nothing. Nowadays, this technique is called a greylisting delay and it is a regular Postfix feature. https://help.ubuntu.com/community/PostfixGreylisting

    Between greylisting and a few RBLs, you can make spam practically go away, with very little effort on your part.
    Last edited by HermanAB; May 30th, 2021 at 01:04 PM.

Page 4 of 4 FirstFirst ... 234

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •