On Tue, 2015-04-28 at 18:52 +0200, Peter Brant wrote: > On Tue, Apr 28, 2015 at 12:27 AM, David Woodhouse <dwmw2 at infradead.org> wrote: > > On Tue, 2015-04-28 at 00:14 +0200, Peter Brant wrote: > >> > > >> Ah, I didn't know that the performance overhead of using TCP was that severe. > > > > Usually it shouldn't be. But if you have a lossy path, it's going to > > hurt a lot. It's best to eliminate it first. > > > Just a short follow-up to report that in my particular case, the > performance overhead of using TCP was indeed that severe. > The upstream firewall at my workplace is now passing DTLS traffic and > I'm happy to report that I was able scp a large (170MB) tgz file down > from an internal server with an average transfer rate (over four > transfers) of 3.7 MB/s as compared with about 100 KB/s yesterday. Interesting. On these speeds it also matters the ciphersuite in use. Currently the fastest supported is AES-GCM and is supported by openconnect only. Hopefully chacha20-poly1305 will also be added which will allow higher speeds and less resources spent in server side. regards, Nikos
