Solaris 11 Express NAT performance issues

Hi all,

I decided to replace my Linux router/firewall with Solaris 11 Express. This is a PPPoE connection directly to my server...no router boxes. I got everything set up, but the performance is terrible on the NAT...really slow. A web page that loads on the server instantly will take several minutes to load on my computer behind the NAT. Should also be noted that I disabled the firewall rules as part of my testing and there was no change in performance.

My NAT rule is the following:
map sppp0 192.168.0.0/24 -> 0/32

My routeadm output is the following:

routeadm 
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
               IPv4 routing   enabled              enabled
               IPv6 routing   disabled             disabled
            IPv4 forwarding   enabled              enabled
            IPv6 forwarding   disabled             disabled

           Routing services   "route:default ripng:default"

Routing daemons:

                      STATE   FMRI
                     online   svc:/network/routing/ndp:default
                   disabled   svc:/network/routing/ripng:default
                   disabled   svc:/network/routing/rdisc:default
                     online   svc:/network/routing/route:default
                   disabled   svc:/network/routing/legacy-routing:ipv4
                   disabled   svc:/network/routing/legacy-routing:ipv6

Anyone have any suggestions...or experience with Solaris 11 Express working properly in this fashion? I'm actually curious if this is a bug.

Could this be a DNS issue?

Thanks for the reply. No DNS issues. I've been able to do host lookups and they come back instantaneously.

So I did some packet sniffing and determined that the problem is IP fragmentation. Here is my setup:

<DSL_Modem>-<Linux Router>-<switch>-<wifi>-<macbook>

  • this setup works fine, with no fragmentation or performance issues

<DSL_Modem>-<Sol 11 Router>-<switch>-<wifi>-<macbook>

  • this setup has major packet fragmentation

<DSL_Modem>-<Sol 11 Router>-<switch>-<macbook>

  • this setup has major packet fragmentation

I played with various MTU settings on the Solaris server's internal NIC, but it made no difference, so I tried a couple of things with the client box.

I determined the max MTU I could send from my macbook as 1464 without getting fragmentation by using:
ping -D -s 1464 <any internet ip>

Once I manually set my MTU down to 1464 instead of the default 1500, web pages are loading normally. So here's the problem...why do I have to manually set the MTU on the client macbook when I have my Solaris server set up as a router? Is there some network related tuning I can perform on the server that will address these issues?

---------- Post updated at 08:02 PM ---------- Previous update was at 12:31 AM ----------

I've posted this problem in the network area because of the nature of the problem once I broke it down to fragments:

http://www.unix.com/ip-networking/157561-solaris-11-express-nat-router-ip-fragments.html
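
The manual `ping -D -s` probing described in the thread can be automated. The following is an added example, not code from any poster: it binary-searches the largest ICMP payload that passes with Don't Fragment set, then derives the path MTU and the matching TCP MSS. The function names (`probe`, `max_payload`, `path_mtu`, `tcp_mss`) are hypothetical, and the header sizes assume IPv4 without options.

```shell
#!/bin/sh
# Added example: find the largest DF-marked ICMP payload a path accepts.

# probe SIZE HOST -> exit 0 if an echo with SIZE payload bytes and DF set is answered.
# Redefine this function to exercise the search offline.
probe() {
    case "$(uname -s)" in
        Darwin) ping -D -c 1 -s "$1" "$2" >/dev/null 2>&1 ;;         # -D sets DF on macOS
        Linux)  ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1 ;; # -M do forbids fragmentation
        *)      echo "no DF ping syntax known for this OS" >&2; return 2 ;;
    esac
}

# max_payload HOST [LOW] [HIGH] -> prints the largest payload that passes.
max_payload() {
    host=$1 lo=${2:-500} hi=${3:-1472}   # 1472 = 1500 - 20 (IP) - 8 (ICMP)
    probe "$lo" "$host" || return 1      # floor must pass, otherwise the path is down
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))     # upper midpoint so the loop always shrinks
        if probe "$mid" "$host"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# Header arithmetic for IPv4 without options.
path_mtu() { echo $(( $1 + 28 )); }   # payload + 20 (IP) + 8 (ICMP)
tcp_mss()  { echo $(( $1 - 40 )); }   # MTU - 20 (IP) - 20 (TCP)

# Runs only when a host is given, e.g.: sh pmtu.sh 192.0.2.1
if [ -n "${1:-}" ]; then
    p=$(max_payload "$1") || { echo "probe failed" >&2; exit 1; }
    m=$(path_mtu "$p")
    echo "max payload $p, path MTU $m, TCP MSS $(tcp_mss "$m")"
fi
```

A payload of 1464 bytes corresponds to a 1492-byte IP packet, which is the usual MTU of a PPPoE link (1500 minus 8 bytes of PPPoE/PPP header).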