|
|
On Tue, 12 Jul 2005, Jason Keltz wrote: > I am trying to determine the VPN performance on our server - a dual Xeon > 3.2 Ghz system. I am using the well known "iperf" tool for testing. > When I run a test from one client to the server, the results are > basically predictable: > > NON-VPN: > [ 5] 0.0-60.0 sec 673 MBytes 94.1 Mbits/sec > > VPN: > [ 5] 0.0-60.0 sec 642 MBytes 89.8 Mbits/sec > > When I run with 1 client, and 10 streams between the client and server, > the results are also basically predictable: > > NON-VPN: > > [SUM] 0.0-60.1 sec 674 MBytes 94.1 Mbits/sec > > VPN: > > [SUM] 0.0-60.1 sec 642 MBytes 89.7 Mbits/sec > > What is not predictable is what happens if I run with 10 clients, 10 > streams between client and server each, I get: > > NON-VPN: > > [SUM] 0.0-60.1 sec 601 MBytes 83.9 Mbits/sec > [SUM] 0.0-60.1 sec 599 MBytes 83.6 Mbits/sec > [SUM] 0.0-60.3 sec 597 MBytes 83.0 Mbits/sec > [SUM] 0.0-60.1 sec 598 MBytes 83.6 Mbits/sec > [SUM] 0.0-60.3 sec 594 MBytes 82.7 Mbits/sec > [SUM] 0.0-60.1 sec 602 MBytes 84.0 Mbits/sec > [SUM] 0.0-60.1 sec 606 MBytes 84.6 Mbits/sec > [SUM] 0.0-60.1 sec 601 MBytes 83.9 Mbits/sec > [SUM] 0.0-60.1 sec 599 MBytes 83.6 Mbits/sec > [SUM] 0.0-60.1 sec 598 MBytes 83.5 Mbits/sec > total: 836.4 Mbits/sec > > VPN: > > [SUM] 0.0-81.2 sec 248 MBytes 25.7 Mbits/sec > [SUM] 0.0-87.1 sec 234 MBytes 22.5 Mbits/sec > [SUM] 0.0-104.8 sec 320 MBytes 25.6 Mbits/sec > [SUM] 0.0-105.4 sec 475 MBytes 37.8 Mbits/sec > [SUM] 0.0-107.4 sec 212 MBytes 16.6 Mbits/sec > [SUM] 0.0-107.3 sec 178 MBytes 13.9 Mbits/sec > [SUM] 0.0-110.0 sec 187 MBytes 14.3 Mbits/sec > [SUM] 0.0-113.2 sec 225 MBytes 16.7 Mbits/sec > [SUM] 0.0-116.3 sec 234 MBytes 16.9 Mbits/sec > [SUM] 0.0-153.0 sec 641 MBytes 35.1 Mbits/sec > total: 225.1 Mbits/sec > --- > > I've run this test several times and get basically the same results. > > The NON-VPN case is predictable, but the VPN case, I do not understand > at all. > > The clients are on 100 mbit full duplex. The server has 1 gbit full duplex. > > Why is there such a difference between the VPN and NON-VPN case in the > last case!? The first thing that comes to mind is buffering. With so many simultaneous streams sharing the same buffers in OpenVPN and the TUN/TAP driver, the effective buffer space per stream is decreasing. Take a look at these options and try increasing them: --sndbuf size : Set the TCP/UDP send buffer size. --rcvbuf size : Set the TCP/UDP receive buffer size. --txqueuelen n : Set the tun/tap TX queue length to n (Linux only). To see defaults, try this: # openvpn --dev tap --verb 4 | grep -Ei 'tx|rcv|snd' Tue Jul 12 12:04:15 2005 us=468526 rcvbuf = 65536 Tue Jul 12 12:04:15 2005 us=468535 sndbuf = 65536 Tue Jul 12 12:04:15 2005 us=511835 TUN/TAP TX queue length set to 100 The TX queue length is only supported on Linux. Keep in mind that you may need to change global kernel settings in order to be able to set significantly higher limits. Also, check OpenVPN process CPU utilization during the tests. James ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-07/msg00098.html on line 266 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-07/msg00098.html on line 266 |