[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] How to reduce CPU usage / no certificate login?

  • Subject: Re: [Openvpn-users] How to reduce CPU usage / no certificate login?
  • From: "Prasanna Krishnamoorthy" <prasanna79@xxxxxxxxx>
  • Date: Wed, 26 Sep 2007 10:26:08 +0530


You'll need to check the encryption algo you're using - blowfish is
much faster than 3DES, AES is also faster than 3DES.

You may be able to get an offload card for encryption operations.
Those are expensive from what I can tell.

You may be able to get libssl, where I'm assuming most of the time is
spent, compiled for C2D, as opposed to generic 386/486 - that should
speed things up 10-15% at the very least. Other things to try,
increase re-keying intervals, add a better NIC (might not make much
diff). What OS do the servers use? I presume Linux?

Something that needs to be tested and checked out is the Sun Niagara.
It's got an encryption engine per core and apparently does 40Gbit/s of
encryption. One of those might be more cost-effective for you than  a
whole farm of C2D servers. Sun offers try before you buy on these
servers, so if you really need them, you can get them. Also they used
to have an offer where if you benchmarked the system and they liked
the benchmarking, they'd let you have the server free!

I'm in no way affiliated with Sun, just thought it might be an option
worth investigating for you.



On 9/26/07, Aminuddin <amin.scg@xxxxxxxxx> wrote:
> Hi,
> I'm using a few Intel C2D 6300 and each server can only serve about 90 users
> ina 24X7 operations transmitting a total of 60mbit/sec (upload and download,
> which is only 30% of total bandwidth available.
> CPU usage varies from 60-90% and if I put 10 more users, server will
> randomly crash.
> Is there any option in the server or client config that I can use to reduce
> the CPU usage?  Currently using certificates as authentication, will it
> reduce the load if use login without certificate?
> And for the next question, if login is without cert, how do we control that
> the login of the same username is limited to a single session only? Meaning
> a user cannot use the same ID to login to server at the same time. Is there
> any option in the config file to enable this?
> Thanks
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users

OpenVPN mailing lists