Hi, Terribly sorry about the duplicated message.
I've completed the upgrade to Tinc 1.0.31 but, have not seen much of a performance increase. The change looks to be similar to switching to both aes-256-cbc w/ sha256 (which are now the default so, that makes sense). Out tinc.conf is reasonably simple: Name = $hostname_for_node Device = /dev/net/tun PingTimeout = 60 ReplayWindow = 625 ConnectTo = $remote_node_name_here ConnectTo = $remote_node2_name_here ConnectTo = $remote_node3_name_here ConnectTo = $remote_node4_name_here ConnectTo = $remote_node5_name_here ConnectTo = $remote_node6_name_here Sadly, I'm out of ideas on how to improve the performance here. I've tried to change the following sysctl settings: net.core.somaxconn='4096' net.core.rmem_max='16777216' net.core.wmem_max='16777216' as was recommended by one of peers. That seems to have actually decreased the perf across the board by around 2% (but that might just be due to fluctuations in the network, I'm not entirely sure) One of my iperf3 tests is between 2 c3.large AEC2 instances in us-east. I'm able to get ~556Mb/s over the internet. Going soley over the Tinc network though, that drops to 158Mb/s. For instances in the same region (I'm testing in Ireland, Oregon, and Virginia) to instances within that region, I'm averaging around 26% over the bandwidth being availible over the tinc network versus over the internet. Is that % overhead expected or have we just poorly configured something? Totally willing to grab any numbers/stats that might assist here. Thanks again, Jared -- Jared Ledvina [email protected] On Tue, May 16, 2017, at 05:08 PM, Jared Ledvina wrote: > Hi, > > We've been running tinc for a while now but, have started hitting a > bottleneck where the number of packets/sec able to be processed by our > Tinc nodes is maxing out around 4,000 packets/sec. > > Right now, we are using the default cipher and digest settings (so, > blowfish and sha1). I've been testing using aes-256-cbc for the cipher > and seeing ~5% increases across the board. Each Tinc node does have > AES-NI. > > I've also read through/found https://github.com/gsliepen/tinc/issues/110 > which is very interesting. > > The TInc nodes are all on Centos6 AWS EC2 instances as c3.large's w/ > EIP's. I've been testing with iperf3 and am able to get around 510Mb/s > on the raw network. Over the tun interface/Tinc network, I'm only able > to max it out to around 120Mb/s. > > Anyone have any suggestions on settings or system changes that might be > able to assist here? I'm also curious if upgrading to 1.0.31 would help > and plan on testing that tomorrow. > > Happy to provide any other information that might be useful. > > Thanks, > Jared > _______________________________________________ > tinc mailing list > [email protected] > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc _______________________________________________ tinc mailing list [email protected] https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
