this post was submitted on 06 Jun 2026
9 points (80.0% liked)

Selfhosted

59693 readers
1066 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
9
PSA: Flow Control and Port Buffers are key to fix poor uplink speeds (lemmy.self-hosted.site)
submitted 5 hours ago* (last edited 4 hours ago) by Smash@lemmy.self-hosted.site to c/selfhosted@lemmy.world
9 comments fedilink hide all child comments
 

After struggling for over 20 hours, I wanted to share the results of my investigation regarding very poor Internet upload erformance.

Setup

  • Proxmox Server with a Single 10GbE NIC
  • OPNsense VM on Proxmox
  • OPNsense uses VirtIO NICs tied to the 10GbE Linux Bridge
  • upstream Gateway is a OpenWRT router with 1GbE uplink
  • Zyxel XS1930 Switch connecting Proxmox Host and Gateway

Problem

Internet download speeds are fine (900Mbit/s) but upload speeds are not (5-15MBit/s instead of 50MBit/s)

Solution

Various OPNsense tunables (configured for 8 CPU cores)

  • hw.ibrs_disable = 1
  • net.isr.maxthreads = -1
  • net.isr.bindthreads = 1
  • net.isr.dispatch = deferred
  • net.inet.rss.enabled = 1
  • net.inet.rss.bits = 6
  • kern.ipc.maxsockbuf = 16777216
  • net.inet.tcp.recvbuf_max = 4194304
  • net.inet.tcp.recvspace = 262144
  • net.inet.tcp.sendbuf_inc = 16384
  • net.inet.tcp.sendbuf_max = 4194304
  • net.inet.tcp.sendspace = 262144
  • net.inet.tcp.soreceive_stream = 1
  • net.pf.source_nodes_hashsize = 1048576
  • net.inet.tcp.mssdflt = 1240
  • net.inet.tcp.abc_l_var = 52
  • net.inet.tcp.minmss = 536
  • kern.random.fortuna.minpoolsize = 128
  • net.isr.defaultqlimit = 2048

Enabling Multiqueue in Proxmox for the VirtIO NICs

(binary stepping, 1 Queue for 2 cores, 2 Queues for 4 cores, 3 Queue for 8 cores ect, total amount of all Queues mustn’t be greater then the VMs CPU cores)

Enabling Flow Control on all involved Network devices

  • Proxmox hardware NIC: ethtool -K nic0 rx on tx on
  • OpenWRT lan interfnace:

uci set network.lan.txpause='1'

uci set network.lan.rxpause='1'

uci commit

reload_config

  • Zyxel Switch:

Port -> Port Setup - Checked all Ports

Enabling Port Buffering

Zyxel Switch:

Port -> Port Buffer - Checked the Port with the Gateway

Reason

The Main reason for this problem seems to be the down-stepping of 10Gbit traffic to 1Gbit devices. Without Flow control enabled on all involved devices, the sending rate can't be adjusted. But without enabling Port Buffering, the Switch won't allocate resources for adjusting the traffic flow rate for slower devices.

This Problem should only affect people who use devices with different link speeds on the same switch.

you are viewing a single comment's thread
view the rest of the comments
[–] litchralee@sh.itjust.works 10 points 3 hours ago* (last edited 2 hours ago) (1 children)

Given that your original problem was related to WAN upload performance, why did your investigation lead you to Ethernet flow-control? An ISP connection generally deals in packets at Layer 3 ("network", eg IP) of the OSI model, whereas Ethernet is a Layer 2 ("data-link") layer technology.

If there is a bottleneck at your WAN modem, then that will cause congestion at layer 3, but Ethernet flow-control can only deal with congestion that exists at layer 2. What has likely happened is that you have configured your gateway so that congestion at layer 3 is mirrored onto your layer 2 LAN. And if flow-control is enabled, then that would result in back-pressure propagating back to your VMs. Your VMs will then slow down their layer 2 rate, which conveniently forces the layer 3 traffic to also slow down.

This is an incredibly round-about and inefficient way to do traffic shaping. You should not configure a network so that L3 and L2 issues bleed into each other. A major consequence of using flow-control in this way is that it reduces the capacity of your LAN, even for traffic that isn't going out to the WAN.

The customary approach for keeping L2 and L3 separate is to perform traffic shaping solely at the threshold where your LAN meets the bottleneck. This would be OpenWRT, since after OpenWRT would be the WAN (50 Mbps upload). OpenWRT would be configured with some sort of QoS feature so that certain L3 packets are selectively dropped.

You cannot do effective L3 traffic shaping without dropping packets. In fact, all competent L3 protocols expect dropped packets in order to slow down their data rate: SCTP and TCP have their own exponential congestion control mechanism, UDP simply accepts that some packets won't make it through, and QUIC has its own mechanism as well. Simply put, all L3 protocols only understand one signal that tells them to slow down, and it is to drop a few packets. They will adjust accordingly, finding the stable equilibrium where traffic flows at the very cusp of congestion.

The Main reason for this problem seems to be the down-stepping of 10Gbit traffic to 1Gbit devices

This is a red-herring, for the reasons I've outlined above. With 1+ Gbps connections on your LAN, your L2 network is an order of magnitude faster than your WAN upload. It cannot be the case that a fast LAN makes a slow WAN slower. This is not RF impedance where step-transitions cause reflections; we are dealing in packet-switched networks, where queuing theory controls.

TL;DR: please try OpenWRT QoS instead

[–] victorz@lemmy.world 2 points 1 hour ago

This is mostly going over my head, but I read all of it and it is very well written. Objective and factual (it seems to me). No belittling, just genuinely trying to deliver helpful criticism and explanation.

🤝🙇‍♂️

Good on you for being a good fellow human.