
Measuring TCP BBR + ShadowsocksR + fast.com speed on macOS over a tethered connection


I measured the download speed of a 25 MB file from fast.com using curl on macOS over a mobile tethering connection.

| Tethering only | SSR with BBR enabled | SSR with BBR disabled (cubic) |
|---|---|---|
| 1 min 27 s | 13 s | 1 min 47 s |

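The BBR algorithm does not appear to be improving speed as such; rather, the speedup seems to come from the behavior of the MVNO line's traffic shaping being figured out. Used this way, it may adversely affect TCP fairness, so keep any trials within the bounds of common sense and refrain from routine use.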

Environment

SSR server

Vultr VPS, Tokyo region (512 MB memory server)

SSR server distribution and kernel

Ubuntu 18.04 LTS

$ uname -a
Linux ssr 4.15.0-47-generic #50-Ubuntu SMP Wed Mar 13 10:44:52 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

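Measurement location and time

Measured in Shimbashi, Tokyo, during the 21:00 hour on a Monday, over IIJmio Type D with Android tethering.

Measurement client OS

macOS 10.14.1

Measurement SSR client

ShadowsocksX-NG 1.4.3-R8 (3)

SSR server configuration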

{
        "server":"0.0.0.0",
        "server_ipv6":"[::]",
        "server_port":10023,
        "local_address":"127.0.0.1",
        "local_port":1080,
        "password":"********",
        "timeout":300,
        "method":"chacha20-ietf",
        "protocol":"auth_aes128_md5",
        "protocol_param":"",
        "obfs":"tls1.2_ticket_auth",
        "obfs_param":"",
        "redirect":"",
        "dns_ipv6":false,
        "fast_open":true,
        "workers":1
}

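Measurement URL

The CDN URL that was requested when fast.com was opened in a browser; a 25 MB file.

Note that the URL above is temporary and returns 403 after a while.

Measurement

Measured several times with curl. The speeds were almost the same each time, so only one result is shown. The address in X-Session-Info is partially masked. I also confirmed that the downloaded content does not differ from request to request; the same file is returned every time.

Normal tethering connection without SSR

The download took about 1 min 27 s. X-Session-Info appears to be the IP of the connecting client (the last two octets are masked).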

X-Session-Info: addr=210.149.*.*

$ time curl --verbose https://ipv4-c026-tyo001-ix.1.oca.nflxvideo.net/speedtest/range/0-26214400\?c\=jp\&n\=2497\&v\=3\&e\=1555939238\&t\=_bq6LeisT4EjUdtyFLHF4HoFb-U  > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 23.246.46.140...
* TCP_NODELAY set
* Connected to ipv4-c026-tyo001-ix.1.oca.nflxvideo.net (23.246.46.140) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [245 bytes data]
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2798 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=Los Gatos; O=Netflix, Inc.; OU=Content Delivery; CN=*.1.oca.nflxvideo.net
*  start date: Apr 10 00:00:00 2019 GMT
*  expire date: May 12 12:00:00 2019 GMT
*  subjectAltName: host "ipv4-c026-tyo001-ix.1.oca.nflxvideo.net" matched cert's "*.1.oca.nflxvideo.net"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
> GET /speedtest/range/0-26214400?c=jp&n=2497&v=3&e=1555939238&t=_bq6LeisT4EjUdtyFLHF4HoFb-U HTTP/1.1
> Host: ipv4-c026-tyo001-ix.1.oca.nflxvideo.net
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 22 Apr 2019 12:34:51 GMT
< Content-Type: application/octet-stream
< Content-Length: 26214400
< Last-Modified: Fri, 22 Mar 2019 06:12:59 GMT
< Connection: keep-alive
< Timing-Allow-Origin: *
< Cache-Control: no-store
< Pragma: no-cache
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: X-TCP-Info,X-Session-Info
< X-TCP-Info: h0=0;h1=0;h2=0;h3=0;h4=0;
< X-Session-Info: addr=210.149.*.*;port=58039;argp=
<
{ [16384 bytes data]
100 25.0M  100 25.0M    0     0   291k      0  0:01:27  0:01:27 --:--:--  371k
* Connection #0 to host ipv4-c026-tyo001-ix.1.oca.nflxvideo.net left intact
noglob curl --verbose  > /dev/null  1.65s user 0.70s system 2% cpu 1:27.99 total

Kernel with BBR enabled + SSR

The kernel parameters in effect are as follows.

$ sudo sysctl -p
net.ipv6.conf.all.accept_ra = 2
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
fs.file-max = 1024000
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default = 65536
net.core.wmem_default = 65536
net.core.netdev_max_backlog = 4096
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_fastopen = 3

The download took about 13 s.

X-Session-Info: addr=45.32.*.*, so it appears to differ from the direct tethering connection (not going through SSR).

$ time curl --socks5 127.0.0.1:1086 --verbose https://ipv4-c026-tyo001-ix.1.oca.nflxvideo.net/speedtest/range/0-26214400\?c\=jp\&n\=2497\&v\=3\&e\=1555939238\&t\=_bq6LeisT4EjUdtyFLHF4HoFb-U  > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 127.0.0.1...
* TCP_NODELAY set
* SOCKS5 communication to ipv4-c026-tyo001-ix.1.oca.nflxvideo.net:443
* SOCKS5 connect to IPv4 23.246.46.140 (locally resolved)
* SOCKS5 request granted.
* Connected to 127.0.0.1 (127.0.0.1) port 1086 (#0)
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [245 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2798 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=Los Gatos; O=Netflix, Inc.; OU=Content Delivery; CN=*.1.oca.nflxvideo.net
*  start date: Apr 10 00:00:00 2019 GMT
*  expire date: May 12 12:00:00 2019 GMT
*  subjectAltName: host "ipv4-c026-tyo001-ix.1.oca.nflxvideo.net" matched cert's "*.1.oca.nflxvideo.net"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
> GET /speedtest/range/0-26214400?c=jp&n=2497&v=3&e=1555939238&t=_bq6LeisT4EjUdtyFLHF4HoFb-U HTTP/1.1
> Host: ipv4-c026-tyo001-ix.1.oca.nflxvideo.net
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 22 Apr 2019 12:34:30 GMT
< Content-Type: application/octet-stream
< Content-Length: 26214400
< Last-Modified: Fri, 22 Mar 2019 06:12:59 GMT
< Connection: keep-alive
< Timing-Allow-Origin: *
< Cache-Control: no-store
< Pragma: no-cache
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: X-TCP-Info,X-Session-Info
< X-TCP-Info: h0=0;h1=0;h2=0;h3=0;h4=0;
< X-Session-Info: addr=45.32.*.*;port=49785;argp=
<
{ [16384 bytes data]
100 25.0M  100 25.0M    0     0  2040k      0  0:00:12  0:00:12 --:--:-- 2873k
* Connection #0 to host 127.0.0.1 left intact
noglob curl --socks5 127.0.0.1:1086 --verbose  > /dev/null  1.03s user 0.09s system 8% cpu 12.573 total

Kernel without BBR enabled + SSR

The kernel parameters in effect are as follows.

$ sudo sysctl -p
net.ipv6.conf.all.accept_ra = 2
net.core.default_qdisc = pfifo_fast
net.ipv4.tcp_congestion_control = cubic
fs.file-max = 1024000
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default = 65536
net.core.wmem_default = 65536
net.core.netdev_max_backlog = 4096
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_fastopen = 3

The download took about 1 min 47 s.

X-Session-Info: addr=45.32.*.*, so it is the same as the earlier environment going through SSR.

$ time curl --socks5 127.0.0.1:1086 --verbose https://ipv4-c026-tyo001-ix.1.oca.nflxvideo.net/speedtest/range/0-26214400\?c\=jp\&n\=2497\&v\=3\&e\=1555939238\&t\=_bq6LeisT4EjUdtyFLHF4HoFb-U  > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 127.0.0.1...
* TCP_NODELAY set
* SOCKS5 communication to ipv4-c026-tyo001-ix.1.oca.nflxvideo.net:443
* SOCKS5 connect to IPv4 23.246.46.140 (locally resolved)
* SOCKS5 request granted.
* Connected to 127.0.0.1 (127.0.0.1) port 1086 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [245 bytes data]
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2798 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=Los Gatos; O=Netflix, Inc.; OU=Content Delivery; CN=*.1.oca.nflxvideo.net
*  start date: Apr 10 00:00:00 2019 GMT
*  expire date: May 12 12:00:00 2019 GMT
*  subjectAltName: host "ipv4-c026-tyo001-ix.1.oca.nflxvideo.net" matched cert's "*.1.oca.nflxvideo.net"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
> GET /speedtest/range/0-26214400?c=jp&n=2497&v=3&e=1555939238&t=_bq6LeisT4EjUdtyFLHF4HoFb-U HTTP/1.1
> Host: ipv4-c026-tyo001-ix.1.oca.nflxvideo.net
> User-Agent: curl/7.54.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 22 Apr 2019 12:44:50 GMT
< Content-Type: application/octet-stream
< Content-Length: 26214400
< Last-Modified: Fri, 22 Mar 2019 06:12:59 GMT
< Connection: keep-alive
< Timing-Allow-Origin: *
< Cache-Control: no-store
< Pragma: no-cache
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: X-TCP-Info,X-Session-Info
< X-TCP-Info: h0=0;h1=0;h2=0;h3=0;h4=0;
< X-Session-Info: addr=45.32.*.*;port=62591;argp=
< 
{ [16384 bytes data]
100 25.0M  100 25.0M    0     0   237k      0  0:01:47  0:01:47 --:--:--  248k
* Connection #0 to host 127.0.0.1 left intact
noglob curl --socks5 127.0.0.1:1086 --verbose  > /dev/null  1.65s user 0.27s system 1% cpu 1:47.63 total
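
The three curl logs above reduced to comparable numbers, as an added example that is not part of the original article: it parses Content-Length, the X-Session-Info address and the zsh `time` wall-clock total from excerpts copied from this page. The function names and run labels are this example's own.

```python
import re

# Excerpts copied from the three curl runs on this page (only the parsed lines).
RUNS = {
    "tethering only": """\
< Content-Length: 26214400
< X-Session-Info: addr=210.149.*.*;port=58039;argp=
noglob curl --verbose  > /dev/null  1.65s user 0.70s system 2% cpu 1:27.99 total
""",
    "SSR + BBR": """\
< Content-Length: 26214400
< X-Session-Info: addr=45.32.*.*;port=49785;argp=
noglob curl --socks5 127.0.0.1:1086 --verbose  > /dev/null  1.03s user 0.09s system 8% cpu 12.573 total
""",
    "SSR + cubic": """\
< Content-Length: 26214400
< X-Session-Info: addr=45.32.*.*;port=62591;argp=
noglob curl --socks5 127.0.0.1:1086 --verbose  > /dev/null  1.65s user 0.27s system 1% cpu 1:47.63 total
""",
}

def wall_seconds(text):
    """Parse the zsh `time` summary: '[H:]M:SS.ss total' or 'SS.sss total'."""
    m = re.search(r"cpu\s+([\d:.]+)\s+total", text)
    if not m:
        raise ValueError("no zsh 'time' summary line found")
    secs = 0.0
    for part in m.group(1).split(":"):
        secs = secs * 60 + float(part)
    return secs

def summarize(text):
    """Return (client address as seen by the CDN, wall seconds, KiB/s)."""
    length = int(re.search(r"^< Content-Length: (\d+)", text, re.M).group(1))
    addr = re.search(r"^< X-Session-Info: addr=([^;\s]+)", text, re.M).group(1)
    secs = wall_seconds(text)
    return addr, secs, length / 1024 / secs

def report(runs=RUNS, baseline="tethering only"):
    """Map run name -> (address, average KiB/s, speedup relative to baseline)."""
    rows = {name: summarize(text) for name, text in runs.items()}
    base = rows[baseline][1]
    return {name: (addr, round(kib), round(base / secs, 2))
            for name, (addr, secs, kib) in rows.items()}

if __name__ == "__main__":
    for name, (addr, kib, speedup) in report().items():
        print(f"{name:15s} seen-as={addr:12s} {kib:5d} KiB/s  x{speedup} vs tethering")
```

The computed averages agree with curl's own "Average Dload" column to within rounding, and the address column shows that both SSR runs reach the CDN from the same VPS address while only the congestion control setting differs.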
hotchpotch
I'm Secon.