fast.com への25MBファイルのダウンロード速度を、モバイルのテザリング回線環境上の macOS + curl 環境より測定。
| テザリング回線のみ | BBR有効SSR | BBR無効(cubic) SSR |
|---|---|---|
| 1分27秒 | 13秒 | 1分47秒 |
BBRアルゴリズムが速度向上に寄与しているわけではなく、MVNO回線のトラフィックシェイピングの挙動が解ることにより、速度向上が起きている模様。この利用方法では、TCPの公平性に悪影響を与えてしまう行為になる可能性があり、一般良識の範囲内で試すなど、定常的な利用は控えた方が良いでしょう。
環境
SSRサーバ
Vultr VPS 東京リージョン(512MBメモリサーバ)
SSR サーバのディストリビューションとカーネル
Ubuntu 18.04 LTS
$ uname -a
Linux ssr 4.15.0-47-generic #50-Ubuntu SMP Wed Mar 13 10:44:52 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
測定場所と時間
IIJmio タイプDをAndroidのテザリングで東京の新橋で月曜21時台に測定。
測定クライアント OS
macOS 10.14.1
測定 SSR クライアント
ShadowsocksX-NG 1.4.3-R8 (3)
SSR サーバの設定
{
"server":"0.0.0.0",
"server_ipv6":"[::]",
"server_port":10023,
"local_address":"127.0.0.1",
"local_port":1080,
"password":"********",
"timeout":300,
"method":"chacha20-ietf",
"protocol":"auth_aes128_md5",
"protocol_param":"",
"obfs":"tls1.2_ticket_auth",
"obfs_param":"",
"redirect":"",
"dns_ipv6":false,
"fast_open":true,
"workers":1
}
測定URL
ブラウザで開いたときにに fast.com へリクエストしたCDNのURL、25MBのファイル。
なお上記URLはテンポラリーな物で、しばらくたつと 403 になる。
測定
curlで複数回測定。ほとんど同じようなの速度結果だったので、一つを掲載している。X-Session-Info のアドレスは一部マスク。またダウンロード内容は、リクエストごとにレスポンスのファイルが異なるわけではなく、毎回同一なファイルであることを確認。
SSRを使わない、通常のテザリング回線
ダウンロード速度は1分27秒ほど。X-Session-Infoは繋いでいるクライアントIPの模様(後ろ二つはマスクしてます)。
X-Session-Info: addr=210.149.*.*
$ time curl --verbose https://ipv4-c026-tyo001-ix.1.oca.nflxvideo.net/speedtest/range/0-26214400\?c\=jp\&n\=2497\&v\=3\&e\=1555939238\&t\=_bq6LeisT4EjUdtyFLHF4HoFb-U > /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 23.246.46.140...
* TCP_NODELAY set
* Connected to ipv4-c026-tyo001-ix.1.oca.nflxvideo.net (23.246.46.140) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [245 bytes data]
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2798 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=Los Gatos; O=Netflix, Inc.; OU=Content Delivery; CN=*.1.oca.nflxvideo.net
* start date: Apr 10 00:00:00 2019 GMT
* expire date: May 12 12:00:00 2019 GMT
* subjectAltName: host "ipv4-c026-tyo001-ix.1.oca.nflxvideo.net" matched cert's "*.1.oca.nflxvideo.net"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify ok.
> GET /speedtest/range/0-26214400?c=jp&n=2497&v=3&e=1555939238&t=_bq6LeisT4EjUdtyFLHF4HoFb-U HTTP/1.1
> Host: ipv4-c026-tyo001-ix.1.oca.nflxvideo.net
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 22 Apr 2019 12:34:51 GMT
< Content-Type: application/octet-stream
< Content-Length: 26214400
< Last-Modified: Fri, 22 Mar 2019 06:12:59 GMT
< Connection: keep-alive
< Timing-Allow-Origin: *
< Cache-Control: no-store
< Pragma: no-cache
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: X-TCP-Info,X-Session-Info
< X-TCP-Info: h0=0;h1=0;h2=0;h3=0;h4=0;
< X-Session-Info: addr=210.149.*.*;port=58039;argp=
<
{ [16384 bytes data]
100 25.0M 100 25.0M 0 0 291k 0 0:01:27 0:01:27 --:--:-- 371k
* Connection #0 to host ipv4-c026-tyo001-ix.1.oca.nflxvideo.net left intact
noglob curl --verbose > /dev/null 1.65s user 0.70s system 2% cpu 1:27.99 total
BBR が有効なカーネル + SSR
設定しているカーネルパラメータは以下。
$ sudo sysctl -p
net.ipv6.conf.all.accept_ra = 2
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
fs.file-max = 1024000
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default = 65536
net.core.wmem_default = 65536
net.core.netdev_max_backlog = 4096
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_fastopen = 3
ダウンロード速度は13秒ほど。
X-Session-Info: addr=45.32.*.* なので、テザリング直回線(SSRを通してない)と異なっている模様。
$ time curl --socks5 127.0.0.1:1086 --verbose https://ipv4-c026-tyo001-ix.1.oca.nflxvideo.net/speedtest/range/0-26214400\?c\=jp\&n\=2497\&v\=3\&e\=1555939238\&t\=_bq6LeisT4EjUdtyFLHF4HoFb-U > /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 127.0.0.1...
* TCP_NODELAY set
* SOCKS5 communication to ipv4-c026-tyo001-ix.1.oca.nflxvideo.net:443
* SOCKS5 connect to IPv4 23.246.46.140 (locally resolved)
* SOCKS5 request granted.
* Connected to 127.0.0.1 (127.0.0.1) port 1086 (#0)
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [245 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2798 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=Los Gatos; O=Netflix, Inc.; OU=Content Delivery; CN=*.1.oca.nflxvideo.net
* start date: Apr 10 00:00:00 2019 GMT
* expire date: May 12 12:00:00 2019 GMT
* subjectAltName: host "ipv4-c026-tyo001-ix.1.oca.nflxvideo.net" matched cert's "*.1.oca.nflxvideo.net"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify ok.
> GET /speedtest/range/0-26214400?c=jp&n=2497&v=3&e=1555939238&t=_bq6LeisT4EjUdtyFLHF4HoFb-U HTTP/1.1
> Host: ipv4-c026-tyo001-ix.1.oca.nflxvideo.net
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 22 Apr 2019 12:34:30 GMT
< Content-Type: application/octet-stream
< Content-Length: 26214400
< Last-Modified: Fri, 22 Mar 2019 06:12:59 GMT
< Connection: keep-alive
< Timing-Allow-Origin: *
< Cache-Control: no-store
< Pragma: no-cache
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: X-TCP-Info,X-Session-Info
< X-TCP-Info: h0=0;h1=0;h2=0;h3=0;h4=0;
< X-Session-Info: addr=45.32.*.*;port=49785;argp=
<
{ [16384 bytes data]
100 25.0M 100 25.0M 0 0 2040k 0 0:00:12 0:00:12 --:--:-- 2873k
* Connection #0 to host 127.0.0.1 left intact
noglob curl --socks5 127.0.0.1:1086 --verbose > /dev/null 1.03s user 0.09s system 8% cpu 12.573 total
BBR が有効でないカーネル + SSR
設定しているカーネルパラメータは以下。
$ sudo sysctl -p
net.ipv6.conf.all.accept_ra = 2
net.core.default_qdisc = pfifo_fast
net.ipv4.tcp_congestion_control = cubic
fs.file-max = 1024000
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default = 65536
net.core.wmem_default = 65536
net.core.netdev_max_backlog = 4096
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_fastopen = 3
ダウンロード速度は1分47秒ほど。
X-Session-Info: addr=45.32.*.* なので、さきほどのSSRを通してる環境と一緒。
$ time curl --socks5 127.0.0.1:1086 --verbose https://ipv4-c026-tyo001-ix.1.oca.nflxvideo.net/speedtest/range/0-26214400\?c\=jp\&n\=2497\&v\=3\&e\=1555939238\&t\=_bq6LeisT4EjUdtyFLHF4HoFb-U > /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 127.0.0.1...
* TCP_NODELAY set
* SOCKS5 communication to ipv4-c026-tyo001-ix.1.oca.nflxvideo.net:443
* SOCKS5 connect to IPv4 23.246.46.140 (locally resolved)
* SOCKS5 request granted.
* Connected to 127.0.0.1 (127.0.0.1) port 1086 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [245 bytes data]
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2798 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=Los Gatos; O=Netflix, Inc.; OU=Content Delivery; CN=*.1.oca.nflxvideo.net
* start date: Apr 10 00:00:00 2019 GMT
* expire date: May 12 12:00:00 2019 GMT
* subjectAltName: host "ipv4-c026-tyo001-ix.1.oca.nflxvideo.net" matched cert's "*.1.oca.nflxvideo.net"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify ok.
> GET /speedtest/range/0-26214400?c=jp&n=2497&v=3&e=1555939238&t=_bq6LeisT4EjUdtyFLHF4HoFb-U HTTP/1.1
> Host: ipv4-c026-tyo001-ix.1.oca.nflxvideo.net
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 22 Apr 2019 12:44:50 GMT
< Content-Type: application/octet-stream
< Content-Length: 26214400
< Last-Modified: Fri, 22 Mar 2019 06:12:59 GMT
< Connection: keep-alive
< Timing-Allow-Origin: *
< Cache-Control: no-store
< Pragma: no-cache
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: X-TCP-Info,X-Session-Info
< X-TCP-Info: h0=0;h1=0;h2=0;h3=0;h4=0;
< X-Session-Info: addr=45.32.*.*;port=62591;argp=
<
{ [16384 bytes data]
100 25.0M 100 25.0M 0 0 237k 0 0:01:47 0:01:47 --:--:-- 248k
* Connection #0 to host 127.0.0.1 left intact
noglob curl --socks5 127.0.0.1:1086 --verbose > /dev/null 1.65s user 0.27s system 1% cpu 1:47.63 total