this post was submitted on 06 Jun 2026
7 points (81.8% liked)

Selfhosted

59693 readers
1066 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
7
PSA: Flow Control and Port Buffers are key to fix poor uplink speeds (lemmy.self-hosted.site)
submitted 3 hours ago* (last edited 2 hours ago) by Smash@lemmy.self-hosted.site to c/selfhosted@lemmy.world
6 comments fedilink hide all child comments
 

After struggling for over 20 hours, I wanted to share the results of my investigation regarding very poor Internet upload erformance.

Setup

  • Proxmox Server with a Single 10GbE NIC
  • OPNsense VM on Proxmox
  • OPNsense uses VirtIO NICs tied to the 10GbE Linux Bridge
  • upstream Gateway is a OpenWRT router with 1GbE uplink
  • Zyxel XS1930 Switch connecting Proxmox Host and Gateway

Problem

Internet download speeds are fine (900Mbit/s) but upload speeds are not (5-15MBit/s instead of 50MBit/s)

Solution

Various OPNsense tunables (configured for 8 CPU cores)

  • hw.ibrs_disable = 1
  • net.isr.maxthreads = -1
  • net.isr.bindthreads = 1
  • net.isr.dispatch = deferred
  • net.inet.rss.enabled = 1
  • net.inet.rss.bits = 6
  • kern.ipc.maxsockbuf = 16777216
  • net.inet.tcp.recvbuf_max = 4194304
  • net.inet.tcp.recvspace = 262144
  • net.inet.tcp.sendbuf_inc = 16384
  • net.inet.tcp.sendbuf_max = 4194304
  • net.inet.tcp.sendspace = 262144
  • net.inet.tcp.soreceive_stream = 1
  • net.pf.source_nodes_hashsize = 1048576
  • net.inet.tcp.mssdflt = 1240
  • net.inet.tcp.abc_l_var = 52
  • net.inet.tcp.minmss = 536
  • kern.random.fortuna.minpoolsize = 128
  • net.isr.defaultqlimit = 2048

Enabling Multiqueue in Proxmox for the VirtIO NICs

(binary stepping, 1 Queue for 2 cores, 2 Queues for 4 cores, 3 Queue for 8 cores ect, total amount of all Queues mustn’t be greater then the VMs CPU cores)

Enabling Flow Control on all involved Network devices

  • Proxmox hardware NIC: ethtool -K nic0 rx on tx on
  • OpenWRT lan interfnace:

uci set network.lan.txpause='1'

uci set network.lan.rxpause='1'

uci commit

reload_config

  • Zyxel Switch:

Port -> Port Setup - Checked all Ports

Enabling Port Buffering

Zyxel Switch:

Port -> Port Buffer - Checked the Port with the Gateway

Reason

The Main reason for this problem seems to be the down-stepping of 10Gbit traffic to 1Gbit devices. Without Flow control enabled on all involved devices, the sending rate can't be adjusted. But without enabling Port Buffering, the Switch won't allocate resources for adjusting the traffic flow rate for slower devices.

This Problem should only affect people who use devices with different link speeds on the same switch.

top 6 comments
sorted by: hot top controversial new old
[–] litchralee@sh.itjust.works 2 points 24 minutes ago* (last edited 16 minutes ago)

Given that your original problem was related to WAN upload performance, why did your investigation lead you to Ethernet flow-control? An ISP connection generally deals in packets at Layer 3 ("network", eg IP) of the OSI model, whereas Ethernet is a Layer 2 ("data-link") layer technology.

If there is a bottleneck at your WAN modem, then that will cause congestion at layer 3, but Ethernet flow-control can only deal with congestion that exists at layer 2. What has likely happened is that you have configured your gateway so that congestion at layer 3 is mirrored onto your layer 2 LAN. And if flow-control is enabled, then that would result in back-pressure propagating back to your VMs. Your VMs will then slow down their layer 2 rate, which conveniently forces the layer 3 traffic to also slow down.

This is an incredibly round-about and inefficient way to do traffic shaping. You should not configure a network so that L3 and L2 issues bleed into each other. A major consequence of using flow-control in this way is that it reduces the capacity of your LAN, even for traffic that isn't going out to the WAN.

The customary approach for keeping L2 and L3 separate is to perform traffic shaping solely at the threshold where your LAN meets the bottleneck. This would be OpenWRT, since after OpenWRT would be the WAN (50 Mbps upload). OpenWRT would be configured with some sort of QoS feature so that certain L3 packets are selectively dropped.

You cannot do effective L3 traffic shaping without dropping packets. In fact, all competent L3 protocols expect dropped packets in order to slow down their data rate: SCTP and TCP have their own exponential congestion control mechanism, UDP simply accepts that some packets won't make it through, and QUIC has its own mechanism as well. Simply put, all L3 protocols only understand one signal that tells them to slow down, and it is to drop a few packets. They will adjust accordingly, finding the stable equilibrium where traffic flows at the very cusp of congestion.

The Main reason for this problem seems to be the down-stepping of 10Gbit traffic to 1Gbit devices

This is a red-herring, for the reasons I've outlined above. With 1+ Gbps connections on your LAN, your L2 network is an order of magnitude faster than your WAN upload. It cannot be the case that a fast LAN makes a slow WAN slower. This is not RF impedance where step-transitions cause reflections; we are dealing in packet-switched networks, where queuing theory controls.

TL;DR: please try OpenWRT QoS instead

[–] yggstyle@lemmy.world 4 points 2 hours ago (2 children)

I find that outside of chasing diminishing returns - the biggest boost to upload speeds generally involves getting service that isn't from spectrum or comcast.

The speeds you are suggesting seem to imply you are on some cable carrier. Be consciously aware that there is frequently fine print stating up to on your meager upload allotment. You may be optimising against unseen forces.

It looks like you put in some effort on tuning which is awesome - and hopefully is helpful to some as a starting point... but from experience tuning is often very unique to each individual setup. That said: kudos on drawing that much out of your setup.

[–] frongt@lemmy.zip 1 points 1 hour ago

True, but if it's only the proxmox host with the problem, it's probably not the cable carrier. The traffic from your different devices looks mostly the same to them.

[–] Smash@lemmy.self-hosted.site 2 points 2 hours ago (1 children)

Yep, still on cable... vodafone to be exact. I should get FTTH this year, but also then only 1000 down/500 up for almost double the price (and it's Telekom, so cloudflare services are unusable).

But the Problem I was facing was unique to the 10GbE Adapter. I used a 1GbE adapter before for years, without this issue.

[–] yggstyle@lemmy.world 2 points 1 hour ago (1 children)

But the Problem I was facing was unique to the 10GbE Adapter. I used a 1GbE adapter before for years, without this issue.

Every home labber will eventually have that coming of age trial: ritual combat with the monster they have constructed. Glad to see you got the best of yours haha.

[–] Smash@lemmy.self-hosted.site 1 points 1 hour ago

Yep, I moved away from having multiple 1GbE NICs to a single 10GbE NIC and creating the network virtually using VLANs and SDNs. This freed up some PCI-E slots and cables, but also spawned a new boss