Hi We are running a couple of openvpn servers with relatively high load (Opterons 2xDC, e1000, recent kerneles) and it seems as if most of the CPU time is not used on cryptography, but in softirq (send/recv for udp and read/write on tun?). This has lead us to suspect that most of the time is spent pumping data between userspace and kernelspace.
Now, we are still investigating this, but I thought I'd ask around too:. Does anyone have a take on this, could a considerable (upwards of 10%) increase in openvpn capacity be accomplished by optimizing udp/tun interfaces of the kernel (a mechanism like ring buffers?) or are we on a wrong track? Furthermore (if it is possible) would anyone care to develop such a solution? You'd get compensated for your trouble, naturally. Thanks for your attention, Siim
