I'm still working on this, as I think it is worthwhile for us to explore
and get some hard data on how all of these things perform in a real world
environment.
I've been stalled by transitioning to a new job.
>Same here. I guess this interacts with other properties, like the delay
>OpenVPN itself adds. And that is where AES-GCM, with it's blazingly
>fast hardware acceleration, outperforms AES-CBC + HMAC-SHA in orders of
>magnitude (at the crypto level).
This might be interesting, and it also might be why my real world testing
doesn't match what we see at https://community.openvpn.net/openvpn
/wiki/Gigabit_Networks_Linux
<https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux>
It looks like this experiment was conducted on machines on a LAN with
virtually no latency / forwarding being done, so while it does show us some
theoretical numbers they don't seem to apply to the real-world use-cases
that we are hoping to get these types of performance figures for.
As soon as we start adding latency and jitter performance seems to tank
with these optimizations.
So that I am not chasing phantoms, do we have any real-world examples of
the claim by janj...@nikhef.nl or are we just going off of the
Gigabit_Networks_Linux page? If we have real world examples of
configurations that can push more than 250Mbit (on a 1Gb controller) or
2.5Gbit (on a 10Gb controller) over connections with more than 10ms of
latency then it would allow me to significantly narrow my search for
problem areas.
Derek Zimmer
Chief Executive Officer
Open Source Technology Improvement Fund
On Sun, May 6, 2018 at 8:04 AM, Steffan Karger <stef...@karger.me> wrote:
> Hi,
>
> On 04-05-18 17:45, Jan Just Keijser wrote:
> > On 04/05/18 16:41, Derek Zimmer wrote:
> >> What conclusions can we draw from this?
> >>
> > My main conclusion has always been that OpenVPN is limited by the number
> > of user-to-kernel space transitions , not by anything else.
>
> Same here. I guess this interacts with other properties, like the delay
> OpenVPN itself adds. And that is where AES-GCM, with it's blazingly
> fast hardware acceleration, outperforms AES-CBC + HMAC-SHA in orders of
> magnitude (at the crypto level).
>
> Some while ago, I looked a bit into this, and started at looking to
> improve the user/kernel interfaces. I posted a proof-of-concept patch
> that might be interesting to check out if you're doing performance testing:
> https://www.mail-archive.com/openvpn-devel@lists.
> sourceforge.net/msg13699.html
>
> I'd be very interested to know if using recvmmsg() improves the
> performance in you measurements. (I never got to picking this up again,
> because dayjob, bug reports and life in general got in the way...)
>
> -Steffan
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
