Asymmetric speeds via SSH tunneling: slow upload

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
tempuser11
DD-WRT Novice


Joined: 24 Sep 2011
Posts: 8

PostPosted: Sat Oct 16, 2021 12:00    Post subject: Asymmetric speeds via SSH tunneling: slow upload Reply with quote
UPD, solution: Installed Entware and from there openssh-server, using it instead built-in dropbear SSH server.
Now I'm getting 35 Mbits/sec upload vs 15.5 previously. Download almost same, ~12 Mbits.
So dropbear probably due it's lightweight nature have some internal shenanigans which cause speed drop (no pun intended).

Hi. Please, help me to figure out strange problem. I'm out of ideas and forum is last resort.
I have TP-Link WR1043ND v4 with latest beta build 47528 (10/10/21).
It works like Samba NAS via tunneling over internet.
SSH server: built-in dropbear, SSH client: Bitvise on Windows. Almost same results on Ubuntu / Android with ssh.

Problem: upload to router is noticeable slower than download and it more important to me.
Please, take a look on speed tests (download from / upload to router in Mbits/sec):

iperf3 over internet to router:
– SSH tunnel: 15.5 / 6.3
– Directly: 20 / 60 - a lot packet retransmits for download only

iperf3 over internet to laptop behind router:
– Directly: 25 / 40 - no retransmits

iperf3 over local connection to router:
– SSH tunnel: 14 / 11
– Directly: 45 / 50

Ookla Speedtest (DL / UL perspective from router):
– My side: 65 / 75
– Router side: 60 / 35

To sum up results.
Only for download on direct connection iperf3 shows many packet retransmits, ~50, strange.
Seems this affects direct and tunnel speed. Like something wrong with ISP's on any side.
But no, I started iperf3 as server on laptop that connected to router and just forwarded port.
Direct test passes without retransmits. So both ISP's can be excluded, my for sure because got same results over different ISP. Looks like it's router fault.

I can't understand, why packet retransmits present for download, but in tunnel affected only upload?
And why retransmits happen? What can be checked more? Please, help to resolve this mystery.

For note:
- I extensive Googled and searched forum before posting
– Excluded possible affection by my router via tests over WAN cable
– Used different devices and ISP at my side
– QoS off, setting max priority for SSH port not helps
– WAN port setup fine, output of swconfig dev switch0 show: speed:100baseT full-duplex txflow rxflow auto
– SSH encryption parameters are default which hardcoded into dropbear binary, no compression enabled or available


Last edited by tempuser11 on Sun Oct 17, 2021 8:20; edited 2 times in total
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Sat Oct 16, 2021 13:54    Post subject: Reply with quote
What are the results if you disable SFE (Shortcut Forwarding Engine ) on Setup page?
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
tempuser11
DD-WRT Novice


Joined: 24 Sep 2011
Posts: 8

PostPosted: Sat Oct 16, 2021 15:04    Post subject: Reply with quote
Forgot to say: same results with SFE on or off.
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1410

PostPosted: Sat Oct 16, 2021 15:22    Post subject: Reply with quote
For the ones that go over the internet, it is often that ISPs do asymmetric speeds (upload is slower than download), from my understanding this is often done because they want to up sell to a "business" account and "residential" should not be uploading as much as they download.

If you truly have symmetric these should be close, but there are still assumptions done on the router hardware itself, it does not take the path in the same order because they are designed with assumptions in mind.

In your examples, you are doing different things... when you are going just to router, it only hits the input tables and process flow, but when the router has to forward, it its forwarding tables... it is much more complex but a nice simplified version from wikipedia:

[img]https://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg[/img]

For your re-transmits... there are multiple things you could be hitting multiple routers on internet (which drops packets), your local neighbors could be doing traffic at that time... I am not even going to get started on wifi aspect.

SSH runs over tcp, so tcp is reliable packet ordered, so it will cause missed/dropped packets to be retransmitted thus a slower speed (not ot mention the "random" tcp wait time for the transmission, in hopes to prevent more collisions)
tempuser11
DD-WRT Novice


Joined: 24 Sep 2011
Posts: 8

PostPosted: Sat Oct 16, 2021 16:58    Post subject: Reply with quote
Wildlion,
Thanks for detailed info.
As you say forwarding more complicated and resource consuming and therefore more risk of "bugs".
This contradicts with test: forwarded traffic to/from laptop behind router not have retransmits.
But they present to router (and only to - is there explanation to this?)
This, as I suppose, points on weird bug or misconfiguration on router.
Also Wi-Fi totally excluded because retransmits present via cable-cable.
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1410

PostPosted: Sat Oct 16, 2021 20:45    Post subject: Reply with quote
There are many variables... one thought could be that maybe the buffers are filling up on the router (when input) because instead of just forwarding it on, now it has to send it to a different level in the OSI model (ie the application) which means the router processor has to be involved more causing delays and dropping packets...

I am trying to exclude things like EMI since from my understanding it is the same cable(s) or nothing is lose or something is getting turned on like TV or speakers or so on...

The only other thing I can think of is that when you have something like ssh (which uses tcp) to wrap the traffic you have the interaction of tcp inside of tcp, so the ssh tunnel may find the problem first and ask for a re-transmit so the process never sees it.

We would have to collect more data (or do things like measure signals on the wires), monitor buffer utilization... If you think it is worth the return... good luck
tempuser11
DD-WRT Novice


Joined: 24 Sep 2011
Posts: 8

PostPosted: Sun Oct 17, 2021 8:16    Post subject: Reply with quote
Fixed this trivially. Installed Entware and from there openssh-server, using it instead built-in dropbear SSH server.
Now I'm getting 35 Mbits/sec upload vs 15.5 previously, yay. Download almost same, ~12 Mbits.
So dropbear probably due it's lightweight nature have some internal shenanigans which cause speed drop (no pun intended).
Thanks all for answers and attention.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum