Hi,
On 01/06/18 02:50, Derek Zimmer wrote:
I'm still working on this, as I think it is worthwhile for us to
explore and get some hard data on how all of these things perform in a
real world environment.
I've been stalled by transitioning to a new job.
>Same here. I guess this interacts with other properties, like the delay
>OpenVPN itself adds. And that is where AES-GCM, with it's blazingly
>fast hardware acceleration, outperforms AES-CBC + HMAC-SHA in orders of
>magnitude (at the crypto level).
This might be interesting, and it also might be why my real world
testing doesn't match what we see at
https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux
<https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux>
It looks like this experiment was conducted on machines on a LAN with
virtually no latency / forwarding being done, so while it does show us
some theoretical numbers they don't seem to apply to the real-world
use-cases that we are hoping to get these types of performance figures
for.
As soon as we start adding latency and jitter performance seems to
tank with these optimizations.
So that I am not chasing phantoms, do we have any real-world examples
of the claim by janj...@nikhef.nl <http://nikhef.nl> or are we just
going off of the Gigabit_Networks_Linux page? If we have real world
examples of configurations that can push more than 250Mbit (on a 1Gb
controller) or 2.5Gbit (on a 10Gb controller) over connections with
more than 10ms of latency then it would allow me to significantly
narrow my search for problem areas.
the experiment *was* conducted on a LAN with virtually no latency at
that time. However, I've just repeated the experiment going from a
university to my institute (~ 50 km distance) using a 1 Gbps connection.
The results are nearly identical:
[ 5] local 10.200.0.2 port 34072 connected with 10.200.0.1 port 5001
[ 5] 0.0-10.0 sec 707 MBytes 592 Mbits/sec
[ 4] local 10.200.0.2 port 5001 connected with 10.200.0.1 port 51086
[ 4] 0.0-10.0 sec 874 MBytes 731 Mbits/sec
(where the LAN performance is ~ 910 Mbps).
Server: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz
Client: Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz
so as you see I am using 4+ year old hardware for this.
I am happy to work with you to figure out what is causing the
performance to tank. I've got access to 1 & 10 Gbps (and possible
higher) internet links and am very curious what is causing the jitter
on your end.
For higher latency links, the main option to tweak seems to be
--txqueuelen : increase this to at least 1000 to improve performance.
Please contact me off-list if you want to work together on this.
HTH,
JJK / Jan Just Keijser
On Sun, May 6, 2018 at 8:04 AM, Steffan Karger <stef...@karger.me
<mailto:stef...@karger.me>> wrote:
Hi,
On 04-05-18 17:45, Jan Just Keijser wrote:
> On 04/05/18 16:41, Derek Zimmer wrote:
>> What conclusions can we draw from this?
>>
> My main conclusion has always been that OpenVPN is limited by
the number
> of user-to-kernel space transitions , not by anything else.
Same here. I guess this interacts with other properties, like the
delay
OpenVPN itself adds. And that is where AES-GCM, with it's blazingly
fast hardware acceleration, outperforms AES-CBC + HMAC-SHA in
orders of
magnitude (at the crypto level).
Some while ago, I looked a bit into this, and started at looking to
improve the user/kernel interfaces. I posted a proof-of-concept patch
that might be interesting to check out if you're doing performance
testing:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13699.html
<https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13699.html>
I'd be very interested to know if using recvmmsg() improves the
performance in you measurements. (I never got to picking this up
again,
because dayjob, bug reports and life in general got in the way...)
-Steffan
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
<mailto:Openvpn-devel@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
<https://lists.sourceforge.net/lists/listinfo/openvpn-devel>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
