25GbE - Strange Windows Issue - Downloads Only

[Lurick]

I'm a bit perplexed at this point but figured it's worth posting here just in case someone might have an idea of what I'm missing since this seems to be a Windows issue but I'm not 100% sure.

 

Summary:

I've got two 25GbE NICs connected to a 25GbE capable switch. Links negotiate at 25GbE and uploads from Windows to the remote servers pass at 25GbE with iperf2 and iperf3 (about 24Gb/s with iperf2 and 21 with iperf3) but downloads are the issue from the remote server to my Windows machine. No matter what I've tried I can't seem to break some mystical sub-13Gb/s barrier and I'm kind of lost as to why.

 

What I've tried:

I've tried disabling all Windows security features (Firewall, anti-virus, etc) and no real change, I'm capped at ~12.5Gb/s downloads.

Reinstalling NIC drivers and uninstalling drivers/rebooting/reinstalling but no change, still about 12.5Gb/s downloads.

Testing different networks and on the same network as the VM and no change.

Even two VMs on different VLANs that need to cross the switch work in both directions without issue and hit 24.5Gb/s in both directions without issue so something seems to be up with my machine only.

 

I see no output drops on the switch and everything looks normal so that's what has me suspecting a Windows issue. I've not tried safe mode with networking just yet but that's next on my list. Was just hoping anyone like @mynameisjuan or @leadeater or anyone else might have any ideas as to why downloads would be the issue on Windows.

 

Specs:

NIC: Intel XXV710

Switch: Catalyst 9300X-48HX with 8x25GbE module.

[keskparane]

How remote are the servers? Are they on a connection with an upload limit?

[Lurick]

14 minutes ago, keskparane said:

How remote are the servers? Are they on a connection with an upload limit?

They're local, to the same switch

[dogwitch]

15 minutes ago, Lurick said:

They're local, to the same switch

so odd question is data at some point going thru your isp router?

in the transfer over the network

[AbydosOne]

What model of NICs are you using?

[Lurick]

5 minutes ago, AbydosOne said:

What model of NICs are you using?

Intel xxv710 NICs on both sides.

[Lurick]

Rebooted into Safe Mode w/ Networking and voila 24.5Gbit each way so something in Windows is definitely mucking things up.

[mynameisjuan]

1 hour ago, Lurick said:

Rebooted into Safe Mode w/ Networking and voila 24.5Gbit each way so something in Windows is definitely mucking things up.

As you know, anything on the host OS side is out of my expertise. That said, I know that Safe Mode w/ Networking does load the network drivers so I would have to assume this is a service/program causing this.

 

I know Windows is terrible when it comes down to tshooing services/processes, but is there anything that stands out when performing the test in Task Manager/Resource Monitor?

[Lurick]

28 minutes ago, mynameisjuan said:

As you know, anything on the host OS side is out of my expertise. That said, I know that Safe Mode w/ Networking does load the network drivers so I would have to assume this is a service/program causing this.

 

I know Windows is terrible when it comes down to tshooing services/processes, but is there anything that stands out when performing the test in Task Manager/Resource Monitor?

Yah, I'm not great at the OS side myself but I did check on resource monitor and nothing spikes usage wise sadly which has me really perplexed since I would expect something to show up there if it was the limiting factor =/

[leadeater]

11 hours ago, Lurick said:

Rebooted into Safe Mode w/ Networking and voila 24.5Gbit each way so something in Windows is definitely mucking things up.

Well that's odd, that it's slower in normal.

 

Turned off Defender Real Time Protection? Defender does do network inspection which you can disable individually with GPO etc

 

In safe mode defender doesn't work so that is your most likely cause I can think of right now.

 

Past that make sure you have looked at the NIC hardware properties in the Windows Drivers and made sure all the offloads are actually enabled and push up the buffer sizes etc, maybe the driver defaults are different in safe mode but I highly doubt that. I do find increasing buffers/ring sizes helps a lot though.

[leadeater]

Post what your iperf commands you are running, I'll do the same ones on some of my systems and see what I get.

[Lurick]

2 minutes ago, leadeater said:

Post what your iperf commands you are running, I'll do the same ones on some of my systems and see what I get.

Sure thing, I did disable Windows Defender real time protection but couldn't find the GPO for network inspection, do you happen to know where that might live?

 

iperf3 -s

iperf3 -c server -P 4 -R

I tried -P 6 as well but no change.

[leadeater]

 

And just -s -p 6060 on server side

 

Defender is on on both sides.

[leadeater]

25 minutes ago, Lurick said:

iperf3 -c server -P 4 -R

 

 

[leadeater]

I also have my NICs in a Windows Team and multiple Team Interfaces on tagged VLANs

 

 

 

 

 

Flow Control: Disabled

IPV4 Checksum Offload: RX & TX

Jumbo Packet 9000

Large Send Offload V2: Enabled

Max RSS Processes & Queues: 8

NetworkDirect: Enabled & Default

Packet Direct: Enabled

Quality of Service: Disabled

Receive Side Scaling: Enabled

Recv Seg Coalescing: Enabled 

Receive Buffers: 512

Send Buffers: 2048

TCP/UDP Checksum Offload: Enabled

 

Mellanox btw

[Lurick]

@leadeater I found the issue

webthreatdefsvc and webthreatdefusersvr - disabled the one that was running in services and boom, 24.5Gbit no problem!

 

Edit:

Forgot to mention these run even with Defender disabled.

[leadeater]

31 minutes ago, Lurick said:

@leadeater I found the issue

webthreatdefsvc and webthreatdefusersvr - disabled the one that was running in services and boom, 24.5Gbit no problem!

 

Edit:

Forgot to mention these run even with Defender disabled.

What version of Windows are you running and is it also onboarded with Defender for Endpoint and has MsSenses.exe running?

[Lurick]

12 hours ago, leadeater said:

What version of Windows are you running and is it also onboarded with Defender for Endpoint and has MsSenses.exe running?

Windows 11 Pro

No defender for endpoint.

[leadeater]

4 minutes ago, Lurick said:

Windows 11 Pro

No defender for endpoint.

Ahk, it's new in Windows 11 btw so you got "lucky"