On Saturday, 3 March 2018 03:09:25 GMT Ian Zimmerman wrote:
> On 2018-03-02 20:12, R0b0t1 wrote:
> > I can't find it again, but there was a neat writeup investigating the
> > TCP over TCP "tunnel collapse" phenomena. When two layers are doing
> > the same thing, there is a tendency for both to behave poorly. I'm not
> > sure any deeper explanation was or can be offered, but it is something
> > that holds true not only for network traffic, but disk IO and
> > databases as well.
>
> I think I've seen that too, and it was when I decided to install and
> learn openvpn in place of the everything-over-ssh setup I had before.

I think the problem you mention refers to TCP retransmission timeouts, when you stack one TCP packet within another. RFC3439 warns against TCP layering:

https://tools.ietf.org/html/rfc3439#page-7

UDP encapsulation as used for e.g. VPN does not suffer with the same problem because it does not use the same transmission quality control mechanism as TCP. I have used SSH within IPSec VPN tunnels without retransmission problems (both with and without UDP encapsulation).

I am not sure if block device I/O protocols suffer the same problem - I don't really know how the read/write SCSI commands are queued and processed between host and guest OS. What I have noticed is abstraction layers relating to partitioning schemes, e.g. good ol' primary Vs logical partitions, make a difference *only* when the partition is initially mounted, but not thereafter.

--
Regards,
Mick
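
The stacked retransmission timers discussed in this thread, as an added example that is not part of the original messages: a simplified model comparing one inner TCP segment carried over a UDP tunnel and over a TCP tunnel during a path outage. The function names, the RTO values and the 10-second outage are assumptions chosen for illustration.

```python
"""Toy model of one inner TCP segment crossing a tunnel during a path outage.

Assumptions (not from the original message): RTT is negligible next to the
RTO, both senders double their RTO on each timeout (RFC 6298 style backoff),
and the path drops everything in the interval [0, outage).
"""

def send_times(initial_rto, until, max_rto=60.0):
    """Transmission times of one unacknowledged segment, first send at t=0.

    The list ends with the first transmission at or after `until`.
    """
    times, rto = [0.0], initial_rto
    while times[-1] < until:
        times.append(times[-1] + rto)
        rto = min(rto * 2, max_rto)
    return times

def udp_tunnel(inner_rto, outage):
    """Datagram encapsulation: copies sent during the outage simply vanish."""
    times = send_times(inner_rto, outage)
    return {"delivered_at": times[-1], "copies_delivered": 1,
            "copies_dropped": len(times) - 1}

def tcp_tunnel(inner_rto, outer_rto, outage):
    """TCP encapsulation: the outer connection retransmits on its own timer
    and reliably delivers every inner copy written to it in the meantime."""
    delivered_at = send_times(outer_rto, outage)[-1]
    queued = [t for t in send_times(inner_rto, delivered_at) if t < delivered_at]
    copies = max(len(queued), 1)  # the original send always counts
    return {"delivered_at": delivered_at, "copies_delivered": copies,
            "copies_dropped": 0}

if __name__ == "__main__":
    # Constructed scenario: 10 s outage, inner RTO 1 s, outer RTO 3 s.
    print("UDP tunnel:", udp_tunnel(1.0, 10.0))
    print("TCP tunnel:", tcp_tunnel(1.0, 3.0, 10.0))
```

In this model the TCP tunnel delivers later and floods the recovering path with duplicate inner copies, because the inner sender only ever sees delay, never loss.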