Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Packets block happens on writing to wireguard device by udp protocol exceeds 30 packets/sec #114

Open
bigboyq opened this issue Mar 14, 2022 · 5 comments
Open

Packets block happens on writing to wireguard device by udp protocol exceeds 30 packets/sec #114

bigboyq opened this issue Mar 14, 2022 · 5 comments
Labels
bug/possible A possible bug that has not yet been confirmed

Comments

@bigboyq
Copy link

bigboyq commented Mar 14, 2022

Package version

1.0.20211208-1

Firmware version

v2.0.9-hotfix.2

Device

EdgeRouter X (SFP) - e50

Issue description

My network connection looks like
'''
Server[192.168.100.18]------Wireguard-------ERX[192.168.100.19/192.168.0.1]-------LAN-------Mac[192.168.0.110]
'''
192.168.100.18/192.168.100.19 is wireguard devices
192.168.0.1/192.168.0.110 is Lan devices
if I run on Server

iperf3 -s

run on Mac

iperf3 -u -c 192.168.100.18 -l 99

I got log on Server

-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.0.110, port 50429
[ 5] local 192.168.100.18 port 5201 connected to 192.168.0.110 port 58909
[ ID] Interval      Transfer   Bitrate     Jitter  Lost/Total Datagrams
[ 5]  0.00-1.00  sec 2.90 KBytes 23.7 Kbits/sec 15644245684.792 ms 0/30 (0%)  
[ 5]  1.00-2.00  sec 0.00 Bytes 0.00 bits/sec 15644245684.792 ms 0/0 (0%)  
[ 5]  2.00-3.00  sec 0.00 Bytes 0.00 bits/sec 15644245684.792 ms 0/0 (0%)  
[ 5]  3.00-4.00  sec 0.00 Bytes 0.00 bits/sec 15644245684.792 ms 0/0 (0%)  
[ 5]  4.00-5.00  sec 0.00 Bytes 0.00 bits/sec 15644245684.792 ms 0/0 (0%)  
[ 5]  5.00-6.00  sec 0.00 Bytes 0.00 bits/sec 15644245684.792 ms 0/0 (0%)  
[ 5]  6.00-7.00  sec 0.00 Bytes 0.00 bits/sec 15644245684.792 ms 0/0 (0%)  
[ 5]  7.00-8.00  sec 0.00 Bytes 0.00 bits/sec 15644245684.792 ms 0/0 (0%)  
[ 5]  8.00-9.00  sec 0.00 Bytes 0.00 bits/sec 15644245684.792 ms 0/0 (0%)  
[ 5]  9.00-10.00 sec 0.00 Bytes 0.00 bits/sec 15644245684.792 ms 0/0 (0%)  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval      Transfer   Bitrate     Jitter  Lost/Total Datagrams
[ 5]  0.00-10.01 sec 2.90 KBytes 2.37 Kbits/sec 15644245684.792 ms 0/30 (0%) receiver

Obviously, while udp packets writing to wireguard device exceeds 30p/s, the device blocked writing.
I think something might happens on packet queue located inside wireguard driver.

Other tests been done

  1. If sending from Server to Mac by udp over wireguard , No blocking
  2. If NAT enable/disable on ERX, No difference
  3. If iperf3 using TCP, No blocking

Configuration and log output

No response
@bigboyq bigboyq added the bug/possible A possible bug that has not yet been confirmed label Mar 14, 2022
@bigboyq
Copy link
Author

bigboyq commented Mar 14, 2022

Similar discuss
https://community.ui.com/questions/Paket-loss-with-hwnat-enabled-to-Wireguard-device/e0112b17-ff0b-4348-893c-73b413873209

@bigboyq
Copy link
Author

bigboyq commented Mar 16, 2022

More tests has been done

  1. If run iperf3 -c directly on Er-x, no packet loss
  2. If tune the -l from 99 to 64, Server got 0/103, then 0/0
  3. if tune the -l from 99 to 32, Server got 0/183, then 0/0
    If change server from ping 9ms to 45ms, test results keep the same

@yukinobu
Copy link

yukinobu commented Aug 22, 2022
edited
Loading

Hi.

I'm also using EdgeRouter X and faced a similar issue. From a client computer which connected to EdgeRouter's WireGuard server, I could browse web sites such as YouTube, but the video playback is very slow.

When I inspect the packet flow with Wireshark, it seems that YouTube first sends me the video data over UDP. But EdgeRouter dropped these UDP packets. After I waited a while it seemed to fall back to TCP and and I was able to play the video.

Note: the link above points to the hwnat issue. When I disabled my EdgeRouter's hwnat, the issue no longer occurred. However, the EdgeRouter's performance will drop significantly...

@jbeez
Copy link

jbeez commented Sep 28, 2022

@yukinobu Was it UDP over port 443(aka QUIC)? You might be able to just block QUIC outright so it never uses that and see if it improves the experience?

@yukinobu
Copy link

yukinobu commented Oct 6, 2022

@jbeez Yes, it seemed QUIC. Now, I blocking all egress UDP packets and it improves my experience definitely!

Below is a snippet of my NAT rules. For packets from WireGuard tunnels, only TCP and ICMP are handled by NAT.

rule 5030 {
    description "masquerade from WireGuard to WAN (exclude udp to avoid hwnat bug)"
    log disable
    outbound-interface eth0
    protocol tcp
    source {
        address 10.xxx.yyy.0/24
    }
    type masquerade
}
rule 5031 {
    description "masquerade from WireGuard to WAN (exclude udp to avoid hwnat bug)"
    log disable
    outbound-interface eth0
    protocol icmp
    source {
        address 10.xxx.yyy.0/24
    }
    type masquerade
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug/possible A possible bug that has not yet been confirmed
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jbeez @yukinobu @bigboyq