-
Major massive SMB issues with OS X 10.11.5
This will apply to all the manufacturers who read Creative Cow. I have been shown a major problem with SMB that has started with the OS X Update to 10.11.5.
I was shown this by John Davidson of Magic Feather. I am now getting calls from tons of clients who are saying “my system is running really slow all of a sudden”.
The article below details this, and shows exactly what I have seen – a 10G connection over SMB will drop from 600 MB/sec and over, down to about 140 MB/sec.
Read everything you can on this, on the Apple forums. This is not a fantasy problem. I hope Apple addresses this very quickly.Bob Zelin
n Wed, Jun 01, 2016 at 07:44:26PM +0000, Seth Goldin wrote:
> I disabled client signing from the client side, via OS X’s global nsmb.conf
> file: https://discussions.apple.com/message/30282470#30282470
>
> The performance was back to over 600 MB/s, as compared to 60 MB/s with
> signing.
>
> It just seems a bit weird to me that Apple, in response to the Badlock bug,
> would have changed the OS X client default to something with such drastic
> performance implications, without much notice. My contact at Apple said
> that the engineers were able to replicate the slow performance on OS X
> Server as well, so even if they didn’t test it with Samba on Linux or
> FreeBSD servers, they might have just been too hasty in their response to
> Badlock. I wonder if they had only tested OS X clients with Windows Server.
> I wonder what that performance looks like, but I don’t have access to
> Windows Server.My guess is the Apple security Team gave the client devs no choice.
Badlock was a protocol level bug (although the problem protocol
was DCE-RPC, not SMB) and enabling SMB-signing fixes the problem
with DCE-RPC tunnelled inside SMB[123] packets.Otherwise Apple would have had to do what Samba did, which was
to fix the DCE-stack to refuse non-signed/sealed connections
on security-sensitive pipes. Insisting on SMB signing is a
simpler and quicker fix, especially if their server only accepts
DCE-RPC tunnelled inside SMB[123] packets.—
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/sambaBob Zelin
Rescue 1, Inc.
bo******@****ud.com -
9 Replies
-
It appears that the Samba Core Team identified this, and worked with Microsoft to stop it. Apple picked this up, and in OS X 10.11.5, it now requires
SMB signing, which appears to be crippling the performance of SMB, even on 10G networks.If you are using SMB to connect to your server, DONT UPGRADE to 10.11.5
Bob Zelin
Bob Zelin
Rescue 1, Inc.
bobzelin@icloud.com -
Bob,
Thanks for posting this, this is critical info.
Just a heads up to ProMAX Platform customers who are reading this post. This issue does not affect ProMAX Platform users who wish to update their systems to 10.11.5.
The joys of networking!
Nathaniel Cooper
ProMAX Systems -
I disabled signing on the MacOS clients and speeds went from about 180mb/s to 850mb/s over SMB3 on a 10GbE network to a 12 bay NAS unit configured in RAID6, btrfs. It was a breathe of fresh air discovering this a few weeks ago, since I’ve been battling this issue for a lot longer than most people have been writing about it publicly on the internet. There’s a lot chatter about disabling .DS_Store on network volumes for faster folder loading…
I still see speeds over 900mb/s on the same server over AFP though. For the time being, most of our client machines are still set to what has been working fine for a long time. I’m not a formally educated network engineer or systems administrator, I’ve just learned my tools well enough over the years.
Is there a major advantage of SMB3 in MacOS over AFP at this point though?
AFP has been working fine for a long time, and I haven’t burned enough hours or throughput on the servers to really see actual results over one or the other. I know AFP support is going to fade with time. But other than that, I’m not seeing a performance boost, unless that’s something I’ll see with time as the server starts to get hammered and filled with more and more complex media.
-
replies below –
I disabled signing on the MacOS clients and speeds went from about 180mb/s to 850mb/s over SMB3 on a 10GbE network to a 12 bay NAS unit configured in RAID6, btrfs. It was a breathe of fresh air discovering this a few weeks ago, since I’ve been battling this issue for a lot longer than most people have been writing about it publicly on the internet. There’s a lot chatter about disabling .DS_Store on network volumes for faster folder loading…REPLY – I have had the exact same experience. I have clients with 20 – 30 Mac’s that have updated to OS X 10.11.5, and this enables SMB signing, which as you now know, must be disabled – which is a PAIN IN THE BUTT – modifying files in Library> Preferences, and creating a nsmb.conf file in /etc. WHY APPLE – WHY ? Who cares about Microsoft security bugs, MACS do not need this !!!!!!!!!!!!! Will there be a fix in 10.11.6 – will there ever be a fix ? Or do we do to Sierra next ?
I still see speeds over 900mb/s on the same server over AFP though. For the time being, most of our client machines are still set to what has been working fine for a long time. I’m not a formally educated network engineer or systems administrator, I’ve just learned my tools well enough over the years.
REPLY – me too – and I still use AFP all the time. BUT AFP is OVER as of macOS Sierra in July/August/Fall 2016
NO MORE AFP. So does apple fix the signing issue in Sierra ?Is there a major advantage of SMB3 in MacOS over AFP at this point though?
REPLY – SMB is for compatibility with PC Networks, and if Sierra gets rid of AFP, as is being reported, we are stuck with SMB (and maybe NFS if that is still there).Many of the people that you see report on these forums are manufacturers, and want to keep their secrets. But there are no secrets – you either use SMB, AFP, NFS, or iSCSI. That’s it. We find out everyone’s secrets, we find out everyone’s tuning files. It’s all generic. It just kills me that Apple does not find this to be an important issue –
as of course we all should be using iCloud, and not our local networks !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Bob Zelin
Bob Zelin
Rescue 1, Inc.
bobzelin@icloud.com -
Bob,
At work we acquired a few new 27″ iMacs that shipped with 10.11.5. Does this SMB issue affect 1Gig connections as well or only 10gig connections? I did some speed tests on one of the 10.11.5 iMacs connected via 1Gig ethernet to our Isilon via SMB mount and was getting 85.7MB/s writes & 62.2MB/s. Created the nsmb.conf file in etc/ and changed the signing required to no. Re-ran the same test and only got a speed change of 2MB/s on both read and write. Ran the same tests with a IFS mount to the Isilon and got a little better read & write speeds of 94.6MB/s & 108.2MB/s.
Appreciate any update you have on this SMB issue with running OS X 10.11.5.
Thanks,
Andy Edwards -
Hey Bob,
Yeah… this totally sucked… Late to the party on this, BUT, as a public service to anyone who runs into this issue, we fixed this over at Lumaforge a few weeks ago with a button in our Shareclient app that’s included for our ShareStation users… and it should work for you with SMB as well if you run into this issue… so, if you need a quick, easy fix, drop me an email at sam@lumaforge.com, and I’ll send you a copy of the app.
All you’ll need to do is go to the SMB tab and click “Enable” and it should fix this problem as long as you’re connecting SMB 3.0 or higher.
On the ShareStation, prior to clicking this, we were getting 11 MB/s over SMB on 10.11.5, and it immediately brought us back to the 700-1100 MB/s we’re used to seeing over SMB over 10G.
Sam Mestman
CEO – Lumaforge (www.lumaforge.com)
Founder – We Make Movies (www.wemakemovies.org)
Workflow Architect – FCPWORKS (www.fcpworks.com) -
Sam,
Thanks for sharing your App. After upgrading one of our 10gig connected edit stations to El Capitan 10.11.6 and seeing the SMB slowdown, your App fixed the problem with one click. Speeds are back to normal.
Andy Edwards
-
So it sounds like this SMB performance issue did NOT get fixed in Mac OS X 10.11.6
Is that correct?
-
that is correct –
10.11.6 does not fix the SMB network connection issue.
You have to manually disable SMB Signing, to get the speeds to return to normal.
What system are you running John ?Bob Zelin
Bob Zelin
Rescue 1, Inc.
bobzelin@icloud.com
Reply to this Discussion! Login or Sign Up