David Sommerseth wrote:
James MacLean wrote:

Hi Folks,

I have parsed around a bit but have not come up with a solid suggestion to increase performance in the following environment:

- +150 clients always on, always via COAX modem 15Mb/s down 1.5Mb/s up
- OpenVPN-2.0.9 and 2.1rc13 tested, setup as single server
- Server Kernel 2.6.25.4
- Server 64bit
- Server CPU % rarely goes above 30
- Server is fed over a 10G link

Currently we get what appears to be only between 5 and 6 MB/s average using this setup.

If only activity is over a single tunnel we can get the expected max (about 14Mb/s to the remote site) for the COAX sites. Once traffic builds during the day, that number drops.

We know if we hit it locally we can get 160Mb/s. We know if we do hit it locally and are getting the 160Mb/s that the COAX tunnels do suffer. Starting by almost 1/2 of their normal throughput tunnel speed of almost 14Mb/s.

So in my small mind, I am thinking we are seeing around 48Mb/s (6MB/s*8) used, but that we should be able to get over 150Mb/s. CPU isn't hurting. Almost feels like there is a governor slowing down the traffic :).

Important settings from latest config:

    verb 1
    dev tap
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1468
    proto udp
    ca SSCert.pem
    cert servercert.pem
    key serverkey.pem
    dh dh1024.pem
    tls-auth ./tlspass
    keepalive 30 63
    ping-timer-rem
    persist-tun 1
    persist-key 1
    cipher none
    tcp-queue-limit 4096
    sndbuf 131072
    rcvbuf 131072

Anyone have any words of wisdom :) ?

Have you tried different ciphers and/or cipher key sizes? I know you say the server does not suffer from too high a load, but it could be inefficiency in the cipher algorithm. If that's the case, it might as well be an OpenSSL issue too. It's a shot in the dark, but it would be good to rule this one out. The default is blowfish, so I really do not expect an improvement.

Do you know if threads are enabled in your OpenVPN setup? (compile/configure setting). I believe the default is not to use threads.

Does the performance drop if you have 150+ clients connected while being passive (not sending any traffic over the tunnel) and only having 1 client sending traffic?

kind regards,
David Sommerseth
Hi David,

I had hoped that "cipher none" would have the least overhead. Perhaps there is a better one to try?

Threads are enabled in the build, but I only ever see one in the running program. Maybe 64bit is showing it differently or "ps axms" and "ps -eLf" are not the way to display them?
Performance seems fine if they are doing nothing. We can get the full expected bandwidth from a single client, or even a small number of clients.
But when the general use of the tunnels comes up, that's when they appear to suffer.
I regret I do not have much in-depth info, but I'm really not sure which direction I should be aiming :).

Cheers,
JES