Improve QoS Management for High Bandwidth (Above 1 Gbps)

[cotosso]

The current QoS configuration can limit the maximum download speed when bandwidth exceeds 1 Gbps, especially on devices with less powerful CPUs. Upload speed performs well, but download is negatively impacted by CPU load due to the use of split-gso.

Split-gso is useful for bandwidths below 1 Gbps, as it helps manage packet handling efficiently. However, for higher bandwidths, it becomes less beneficial because there is abundant bandwidth, and transfers are typically faster. This behavior is due to the shaper component, which splits GRO super packets into smaller packets for bandwidths below 1 Gbps. For bandwidths above 1 Gbps, super packets are typically not split, as the benefit decreases. However, splitting can still be performed if the CPU is sufficiently powerful.

Proposed solution

Automatically manage the split-gso option based on the available bandwidth. No changes in the UI are required.

Apply this solution for both upload and download configurations, as tests have shown improvements for both directions. The configuration would be handled individually depending on the specific speed, we will refer to

For bandwidths below or equal to 1000 Mbps, leave the default behavior (no changes needed in the configuration).

For bandwidths above 1000 Mbps, include the following options in the /etc/config/qosify file:

If upload speed > 1000 Mbps:

option egress_options 'no-split-gso'

If download speed > 1000 Mbps:

option ingress_options 'no-split-gso'

Alternative solutions

An alternative would be to offer manual control of split-gso, allowing users to enable or disable it based on their specific network conditions. However, the proposed automatic handling based on bandwidth is a more user-friendly approach.

Ref https://github.com/NethServer/nethsecurity/issues/808

[cotosso]

Reminder: When it is realized we will also have to document this behavior.

[github-actions[bot]]

Testing image version: 8-23.05.5-ns.1.3.0-10-g3ac01f6cce

[gsanchietti]

Test case 1

• Configure a new wan with download bandwidth less than 1000
• Make sure option no-split-gso is not set
• Change the download bandwidth to a number greater than 1000
• Make sure option no-split-gso is set as ingress_options

Test case 2

• Configure a new wan with upload bandwidth less than 1000
• Make sure option no-split-gso is not set
• Change the upload bandwidth to a number greater than 1000
• Make sure option no-split-gso is set as egress_options

[filippocarletti]

root@NethSec:~# qosify-status | grep split
qdisc cake 8001: root refcnt 2 bandwidth 100Mbit diffserv4 dual-srchost nat nowash no-ack-filter split-gso rtt 100ms raw overhead 0 
qdisc cake 8002: root refcnt 2 bandwidth 100Mbit diffserv4 dual-dsthost nat nowash ingress no-ack-filter split-gso rtt 100ms raw overhead 0 
root@NethSec:~# diff qosify.1000 /etc/config/qosify 
31,32c31,32
<   option bandwidth_up '1000mbit'
<   option bandwidth_down '1000mbit'
---
>   option bandwidth_up '1001mbit'
>   option bandwidth_down '1001mbit'
39a40,41
>   option egress_options 'no-split-gso'
>   option ingress_options 'no-split-gso'
root@NethSec:~# qosify-status | grep split
qdisc cake 8005: root refcnt 2 bandwidth 1001Mbit diffserv4 dual-srchost nat nowash no-ack-filter no-split-gso rtt 100ms raw overhead 0 
qdisc cake 8006: root refcnt 2 bandwidth 1001Mbit diffserv4 dual-dsthost nat nowash ingress no-ack-filter no-split-gso rtt 100ms raw overhead 0