I notice you committed the changes we tested yesterday to GIT -- but with the vpn_progress() call still intact. Would it be better to eliminate that unless a debug/verbosity level is set? Running in that way for a long period would certainly overrun my log file storage pretty quickly, and of course, it slows things down.

>>You can also experiment with increasing core.wmem_{default,max} at this
>>point and see if it now helps.

Adjusting these values seems to have no benefit, nor does reducing the MTU. I'm fairly confident there's nothing in the path that's fragmenting packets as the received packet count at the destination is the same as the send packet count at the VPN client.

I set these values thusly:

net.core.rmem_max=8388608
net.core.wmem_max=8388608
net.core.rmem_default=262144
net.core.wmem_default=262144
net.ipv4.udp_mem=8388608 12582912 16777216
net.ipv4.udp_rmem_min=16384
net.ipv4.udp_wmem_min=16384

which provides rather large increases compared to the RHEL 7 defaults:

net.core.rmem_max=212992
net.core.wmem_max=212992
net.core.rmem_default=212992
net.core.wmem_default=212992
net.ipv4.udp_mem= 767649 1023535 1535298
net.ipv4.udp_rmem_min=4096
net.ipv4.udp_wmem_min=4096

... but no measurable benefit.

Going back to Nikos' comments (on two separate messages) on March 10:

>> Nevertheless on the crypto side, openconnect's ESP support is based on
>> CBC ciphers which are quite slow.

>> > > Tony, what's the output of gnutls-cli --benchmark-tls-ciphers on
>> > > that platform?
>>
>> Testing throughput in cipher/MAC combinations (payload: 1400 bytes)
>> RSA_ARCFOUR_128_SHA1 94.63 MB/sec
>> RSA_ARCFOUR_128_MD5 96.69 MB/sec
>> RSA_AES_128_GCM_SHA256 0.66 GB/sec
>> RSA_AES_128_CBC_SHA1 146.48 MB/sec
>> RSA_CAMELLIA_128_CBC_SHA1 48.80 MB/sec
>>
>> Testing throughput in cipher/MAC combinations (payload: 15360 bytes)
>> RSA_ARCFOUR_128_SHA1 121.17 MB/sec
>> RSA_ARCFOUR_128_MD5 106.72 MB/sec
>> RSA_AES_128_GCM_SHA256 1.05 GB/sec
>> RSA_AES_128_CBC_SHA1 196.41 MB/sec
>> RSA_CAMELLIA_128_CBC_SHA1 53.76 MB/sec
>
>The throughput is still much larger than what you see over the VPN.

So now we're getting close to the benchmark for RSA_CAMELLIA_128_CBC_SHA1 numbers. How do I know what cipher is in use here? ... and is it possible to switch to one of the higher-performing ciphers?