Hi, On 23/05/14 18:05, Martin Hicks wrote: > Hello, > > I've been investigating using openvpn as a tunnel initiator between to > sites, and have been struggling to find the reason that performance is > so poor when transmitting from an openVPN client running powerpc linux > and using a PSK/tun setup. > > > | ppclinux | ---------- | openvpn server | ------- | FTP client | > > The ppclinux machine initiates a connection to the openvpn server. > And the ppclinux machine hosts a vsftpd FTP daemon. In order to avoid > benchmarking encryption, I have both sides specify: > > cipher none > auth none > no-replay > > The FTP client pushing data to the FTP server via a PUT command works > fairly well, with transmit speeds in the 6-7MB/s range (the IP routed > performance, with no tunnels, is about 12MB/s), however doing a "GET" > results in performance that peaks around 800KB/s. > > The ppclinux machine looks pretty well idle while pushing out the > 800KB/s, with the profiles showing that softirqs are the only big > consumer of cycles, so it seems like it's some issue of the kernel > copying in/out of the tun device from the openvpn server? Has anyone > experienced this before? The top of the opreport is below. > > I looked at strace output also, and the openvpn server seems to be > reading/writing ~1350 byte packets on each transmit. > > I tried things like swapping the openvpn server/client (no change), > using the kernel's IPIP tunneling (performance is great), and moving > the openvpn tunnel to be between the openvpn server and the FTP client > (both x86 linux machines -- performance is great).
tuning openvpn performance is a recurring topic on this mailing list; I wrote a wiki entry on it once http://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux I'd suggest adding fragment 0 mssfix 0 to both sides to see if that helps. Also, I'm a bit unclear about your network setup and about which OS is running on the FTP client, the FTP server and the openvpn router in between. Finally, it would be helpful to know the Linux kernel version on all machines, whether there are firewall/iptables rules in place and which version of OpenVPN you are using. HTH, JJK > > CPU: e500, speed 800 MHz (estimated) > Counted CPU_CLK events (Cycles) with a unit mask of 0x00 (No unit > mask) count 100000 > samples % image name app name symbol > name > 63659 44.4683 vmlinux vmlinux > __do_softirq > 10095 7.0517 vmlinux vmlinux > arch_cpu_idle > 5900 4.1214 vmlinux vmlinux > finish_task_switch > 4179 2.9192 ath9k ath9k /ath9k > 3969 2.7725 mac80211 mac80211 /mac80211 > 2227 1.5556 vmlinux vmlinux > _raw_spin_unlock_irqrestore > 1870 1.3063 vmlinux vmlinux tcp_ack > 1534 1.0716 vmlinux vmlinux > tick_nohz_idle_enter > 1378 0.9626 vmlinux vmlinux > tcp_transmit_skb > 1374 0.9598 vmlinux vmlinux memcpy > 1281 0.8948 vmlinux vmlinux > tcp_write_xmit > 1049 0.7328 oprofiled oprofiled > /usr/bin/oprofiled > 978 0.6832 tun tun /tun > 892 0.6231 vmlinux vmlinux > ring_buffer_consume > 876 0.6119 ath9k_hw ath9k_hw /ath9k_hw > ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
