2014-08-16

Tuning Dual LAN Synology

Having had a really excellent experience with Synology NAS, I recently acquired a dual LAN Synology DS412+ disk station. This NAS is very quiet, supports up to 4 drives, features 1GB of RAM and 2 gigabit LAN interfaces, which I got particularly excited about.

Unfortunately, to my surprise, it turned out that both LAN interfaces are entirely isolated. This is great if you run a small home company and want to use the same disk station for both your business and personal needs, but fails to address typical home use cases, like mine:

  • LAN1 is used to access the internet and provide access to media files to all electronic devices (Audio station streams music directly to my amplifier; Media station provides excellent UPnP access for my TV and other electronic devices; my phone and tablets regularly synchronize etc.)
  • LAN2 is used to work with large files on my laptop (processing RAW photos, working with virtual machines etc.)

The problem was, I had to decide whether I wanted to work with the files on my laptop or use the internet (unfortunately, masquerading is not configurable through the UI). After some poking around I came up with a boot script that does all that I need: I can connect my laptop directly to LAN2 and use internet access (shared by the Synology DS).

Part 1: Sharing internet access on LAN2.


If you, like me, would like your disk station to enable internet access (this includes network bridging, so you will also see all the devices visible from LAN1 on the LAN2 interface), log in to your Synology station as root and try executing the following commands (note: it is important that you try this first):


insmod /lib/modules/nf_nat.ko
insmod /lib/modules/iptable_nat.ko
insmod /lib/modules/ipt_MASQUERADE.ko

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state \
    --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

If everything worked (read: none of the above commands has failed), then you should be able to connect your laptop directly to the LAN2 interface of your Synology and use the internet (please check!). If the above did not work for any reason, well, you can skip to the second part of this post.

If all the above has worked well for you, you can leave your disk station as is (no need to reboot!), but you still want to be able to use network sharing after the DS reboots. To preserve this functionality, still logged in as root, edit the following files and add the suggested lines at the end (note: you need to know Vi basics to do this):

  • vi /etc/rc.local

    insmod /lib/modules/nf_nat.ko
    insmod /lib/modules/iptable_nat.ko
    insmod /lib/modules/ipt_MASQUERADE.ko
    /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state \
            --state RELATED,ESTABLISHED -j ACCEPT
    /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
  • vi /etc/sysctl.conf

    net.ipv4.ip_forward=1


So far so good: these modifications will enable sharing internet access from LAN1 to LAN2, but that's not quite enough just yet, so stick with me.
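To check what Part 1 actually left in place, here is an added example (not part of the original post) that audits a rule dump for the three rules above. The helper name `audit_lan2_rules` is hypothetical, and it assumes the NAS's iptables supports the `-S` listing option and that eth0 is LAN1 and eth1 is LAN2, as in the commands above.

```sh
#!/bin/sh
# Added example, not from the original post. audit_lan2_rules is a
# hypothetical helper; eth0 = LAN1 and eth1 = LAN2 as in Part 1.
# Usage on the NAS: { iptables -S; iptables -t nat -S; } | audit_lan2_rules
# Prints one finding per line and returns 0 only when nothing is flagged.
audit_lan2_rules() {
    dump=$(cat)
    rc=0
    has() { printf '%s\n' "$dump" | grep -Eq -- "$1"; }

    # NAT: everything leaving through eth0 (LAN1) must be masqueraded.
    has '^-A POSTROUTING (.* )?-o eth0 (.* )?-j MASQUERADE' ||
        { echo "MISSING masquerade on eth0"; rc=1; }
    # Outbound: LAN2 (eth1) may open connections towards LAN1/internet.
    has '^-A FORWARD -i eth1 -o eth0 (.* )?-j ACCEPT' ||
        { echo "MISSING forward eth1->eth0"; rc=1; }
    # Return path: replies to those connections must be let back in.
    has '^-A FORWARD -i eth0 -o eth1 .*RELATED,ESTABLISHED.* -j ACCEPT' ||
        { echo "MISSING stateful return rule eth0->eth1"; rc=1; }
    # An eth0->eth1 ACCEPT without the state match lets LAN1 hosts open
    # new connections to the laptop side.
    loose=$(printf '%s\n' "$dump" |
        grep -E -- '^-A FORWARD -i eth0 -o eth1 .*-j ACCEPT' |
        grep -v -- 'RELATED,ESTABLISHED' || true)
    [ -z "$loose" ] || { echo "LOOSE $loose"; rc=1; }
    # With a default-accept FORWARD chain the ACCEPT rules above are no-ops:
    # forwarding works, but nothing is filtered between the two LANs.
    has '^-P FORWARD ACCEPT' &&
        { echo "POLICY FORWARD default is ACCEPT, so the rules filter nothing"; rc=1; }
    return $rc
}
```

If the policy finding is reported, the state match on the eth0 to eth1 rule only starts restricting traffic once the FORWARD chain's default policy is DROP.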

Part 2: tuning performance.


Some disk stations have enough RAM that they could really use it to boost LAN transfer speeds. Not much is needed, really, but the defaults are rather... low (a total of 128kB of memory for read and write buffers etc.). I'm not saying the DS will be slow or anything - actually it performs really well with these defaults (I have frequently seen throughputs temporarily reaching 100MBps, that is, nearing a full 800Mbps on uplink, and around 60MBps = 480Mbps on downlink). That is pretty cool already, but... this can get a whole lot better if you add some more buffers and enable TCP window scaling; in other words, edit the /etc/sysctl.conf file and add the following lines:

net.core.wmem_max = 12582912
net.core.rmem_max = 12582912
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
net.ipv4.tcp_window_scaling = 1

Once done, save the file, close the editor and execute

sysctl -p

This command should print what has been applied to the system (pretty much everything that it can find in the /etc/sysctl.conf file). Buffers should range from 10kB to 12MB per connection (depending on needs!), and window scaling will be enabled. Window scaling is a feature that allows peers to send larger and larger chunks of data by negotiating their size beforehand; the effect is that although the Maximum Transmission Unit (MTU) is low on ethernet interfaces (usually 1500 bytes), a chunk can contain tens, hundreds or thousands of packets and will be sent without any interruptions from the receiving side (bonus: the whole window is followed by a simple acknowledgement from the receiving side).
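To confirm that the running kernel really holds what /etc/sysctl.conf says (the buffer settings here and net.ipv4.ip_forward from Part 1), the following added example, not part of the original post, compares each configured key with its live value under /proc/sys. The helper name `sysctl_drift` and its optional second argument are hypothetical; the second argument exists only so the check can be tried against a copy of the tree.

```sh
#!/bin/sh
# Added example, not from the original post. sysctl_drift is a hypothetical
# helper. Usage on the NAS: sysctl_drift /etc/sysctl.conf
# Prints one line per key whose live value differs from the file and
# returns 0 only when every configured key matches.
sysctl_drift() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Skip comments and anything that is not a key=value line.
        case $line in '#'*|';'*) continue ;; *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        # Collapse whitespace: /proc prints tcp_rmem/tcp_wmem tab-separated,
        # while sysctl.conf usually uses spaces.
        want=$(printf '%s' "${line#*=}" | tr -s ' \t' ' ' | sed 's/^ //; s/ $//')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "$key: not present on this kernel"
            rc=1
            continue
        fi
        have=$(tr -s ' \t' ' ' < "$path" | sed 's/^ //; s/ $//')
        [ "$have" = "$want" ] ||
            { echo "$key: live '$have' != conf '$want'"; rc=1; }
    done < "$conf"
    return $rc
}
```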

Effects?

time dd if=largefile of=/dev/null bs=1048576
4294967296 bytes transferred in 45.106328 secs (95218731 bytes/sec)

time dd if=/dev/zero of=largefile bs=1048576
4294967296 bytes transferred in 55.481166 secs (77413068 bytes/sec)

Average (rather than temporary) transfer speeds of 95MBps and 77MBps are pretty cool! And best yet: it won't get much better with larger MTU sizes.