[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Baffling Performance Problems, Any Debugging Ideas?

  • Subject: Re: [Openvpn-users] Baffling Performance Problems, Any Debugging Ideas?
  • From: Blake Watters <blake@xxxxxxxxxxxxx>
  • Date: Thu, 20 Dec 2007 17:00:41 -0500

Yes. And performance screams (700-800k across the net). What's really  
interesting since I've gotten back into it today is that if I initiate  
the data transfers from a different machine on the network going  
through the virtualized OpenVPN endpoints then performance screams. So  
it seems that this must be something along the Xen network layer or  
the bridging, so I'm off to chase that dragon.

On Dec 20, 2007, at 6:47 AM, Erich Titl wrote:

> Hi
> Blake Watters wrote:
>> I am deploying OpenVPN for the forth time in a production setting and
>> I am having a baffling set of performance issues that I am totally  
>> out
>> of ideas for debugging. Here's the situation:
>> I have two geographically separate clusters of machines, one in a  
>> data
>> center and one inside our development teams offices. Each cluster
>> consists of several machines running Linux Xen with a number of VM's
>> inside the machines. On each end I have a VM running OpenVPN over UDP
>> in routed persistent tun mode with TLS. In the data center I have a
>> pair of NetScreen 50's handling the routing -- they have reverse
>> routes configured back to the VPN IP block and the remote LAN. In the
>> office, I have a brand new Linksys with the opposite configuration.
>> Everything seems happy. Until I start rsyncing or scp'ing data across
>> the pipe.
>> No matter what I do, I can't get the performance into anything beyond
>> an absolute joke. I see between 4 and 20k a second data transfers --
>> its ridiculous. I've tried changing MTU's, experimented with TCP,
>> checked the results from different endpoints across the connection,
>> looked at fragmentation settings, everything I can think of. I've
>> successfully run VoIP over OpenVPN with far less substantial  
>> hardware,
>> so I must be missing some key bit data point here or just be so
>> cracked out after 10 hours of fighting with it that I am missing
>> something obvious.
>> Anybody have any ideas what could pull the performance down to such
>> abysmal levels?
> Xen ???
> Have you tried _real_ machines for the OpenVPN endpoints?
> cheers
> Erich

Openvpn-users mailing list