Hi, On 30/05/14 23:23, Silviu Popescu wrote: > Hi, > > I'm having some issues when attempting to run iperf over an OpenVPN TCP > tunnel. > My setup consists of 2 Openstack Linux VMs with Gigabit Ethernet > between them. When measuring the bandwidth between the VMs without any > tunnel, I get aroung 950Mbps. > > However, when I use a TCP tunnel, things are weird. The tests that > finish report a bandwidth of around 500Kbps (yes, Kbps, that is no > typo). Most of the time however, the tests just hang. If i try to stop > the server-side iperf, I get the following message: "Waiting for > server threads to complete. Interrupt again to force quit.". After > interrupting the iperf, the OpenVPN tunnel is unusable, as in I cannot > even ping the other peer. > > I have used various options to reduce the overhead introduced by > OpenVPN, based on the tips from a community article[1]. Currently I am > starting the OpenVPN tunnel like this: > > openvpn --daemon --remote $CLIENT_IP --proto tcp-server --dev tun1 > --ifconfig $SERVER_TUNNEL_IP $CLIENT_TUNNEL_IP --cipher none --auth > none --fragment 0 --mssfix 0 --tun-mtu 10000 > > and a similar command on the client, but with the IPs changed and the > tcp-client protocol. > > I understand that TCP over TCP should behave badly since the > congestion algorithm from the nested TCP will interfere with the > congestion algorithm from the outer TCP, but something doesn't seem > right. > > I've tried debug logs, strace logs, ltrace logs, looking in dmesg, but > I couldn't find any error messages that would provide an answer. > > Should the bandwidth drop so dramatically, from 950Mbps to 500Kbps? > Should iperf hang like this? Why is the OpenVPN tunnel unusable > afterwords? Has anyone experienced something similar before? > > [1] https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux >
I'm the author of [1] and I have not seen such a dramatic drop with physical hardware. There are a number of things I can think of: - there's a problem with tcp-tcp traffic between VMs - there's an MTU problem on the lower TCP link - what kind of performance do you get with '--tun-mtu 1400' ? and the other thing I can think of is the type of virtualization used - the "free" version of vmware have crippled TCP performance, for example (but not UDP which results in better network performance with openvpn on VMplayer :) ) HTH, JJK ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
