Re: OpenVPN throughput

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



  On 08/30/10 6:10 AM, drew einhorn wrote:
> On Mon, Aug 30, 2010 at 4:20 AM,<J.Witvliet@xxxxxxxxx>  wrote:
>
>> Last year i've been doing some experiments with openvpn.
>> Just as the O.P. I was curious about sustainable throughput, and was disapointed about the results
>>
>> To obtain maximum resulst, i did:
>> - use two rather heavy machines (HP DL380-G6, dual quad core)
>> - two dedicated 10Gb-nic's
>> - cross-connect both nics
>> - DISABLE openvpn-debug (as it is VERY cpu expensive)
>> - raise MTU to 4K
>>
>> Bottleneck was (in my case) the openvpn-process, that was running 100% on a single core,
>> While network was not saturated.
>>
>> So for max throughput, it is probably strongswan (ipsec) or hw-encryption [or both]
>>
> What was the bandwidth when the cpu bottlenecked?
> Were you running a single tcp connection transferring a single file?
> Or, a mix of traffic with multiple tcp connections, udp traffic, etc?
> I'm wondering if a more complex traffic mix would get the other cpus working,
> and increase the total throughput.


I'm pretty sure one SSL-VPN tunnel == one process.  its not going to 
fork different packets to different threads, as its really paying no 
attention to sockets and connections within that tunnel.

did you try forcing the blowfish cipher?  I've heard that's lower in CPU 
overhead than most others, although I've not tested this.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux