Hi, On 04-05-18 17:45, Jan Just Keijser wrote: > On 04/05/18 16:41, Derek Zimmer wrote: >> What conclusions can we draw from this? >> > My main conclusion has always been that OpenVPN is limited by the number > of user-to-kernel space transitions , not by anything else.
Same here. I guess this interacts with other properties, like the delay OpenVPN itself adds. And that is where AES-GCM, with it's blazingly fast hardware acceleration, outperforms AES-CBC + HMAC-SHA in orders of magnitude (at the crypto level). Some while ago, I looked a bit into this, and started at looking to improve the user/kernel interfaces. I posted a proof-of-concept patch that might be interesting to check out if you're doing performance testing: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13699.html I'd be very interested to know if using recvmmsg() improves the performance in you measurements. (I never got to picking this up again, because dayjob, bug reports and life in general got in the way...) -Steffan ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
