On 30/05/2014 23:23, Silviu Popescu wrote: > Hi, > > I'm having some issues when attempting to run iperf over an OpenVPN TCP > tunnel. > My setup consists of 2 Openstack Linux VMs with Gigabit Ethernet > between them. When measuring the bandwidth between the VMs without any > tunnel, I get aroung 950Mbps. > > However, when I use a TCP tunnel, things are weird. The tests that > finish report a bandwidth of around 500Kbps (yes, Kbps, that is no > typo). Most of the time however, the tests just hang. If i try to stop > the server-side iperf, I get the following message: "Waiting for > server threads to complete. Interrupt again to force quit.". After > interrupting the iperf, the OpenVPN tunnel is unusable, as in I cannot > even ping the other peer. > > I have used various options to reduce the overhead introduced by > OpenVPN, based on the tips from a community article[1]. Currently I am > starting the OpenVPN tunnel like this: > > openvpn --daemon --remote $CLIENT_IP --proto tcp-server --dev tun1 > --ifconfig $SERVER_TUNNEL_IP $CLIENT_TUNNEL_IP --cipher none --auth > none --fragment 0 --mssfix 0 --tun-mtu 10000 > > and a similar command on the client, but with the IPs changed and the > tcp-client protocol. > > I understand that TCP over TCP should behave badly since the > congestion algorithm from the nested TCP will interfere with the > congestion algorithm from the outer TCP, but something doesn't seem > right. > > I've tried debug logs, strace logs, ltrace logs, looking in dmesg, but > I couldn't find any error messages that would provide an answer. > > Should the bandwidth drop so dramatically, from 950Mbps to 500Kbps? > Should iperf hang like this? Why is the OpenVPN tunnel unusable > afterwords? Has anyone experienced something similar before? > > [1] https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux > > Thank you, > Silviu Popescu > > ------------------------------------------------------------------------------ > Time is money. Stop wasting it! Get your web API in 5 minutes. > www.restlet.com/download > http://p.sf.net/sfu/restlet > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users
Hi Silviu, all You definitely should try using UDP instead of TCP. Your tunnel will transport TCP trafic faster. I have encountered such issues in the past. Check also the MTU + MSS on the whole path. Please, list members, confirm this, but i believe OpenVPN is not able to wistand more than around 100-150Mbps. Am i correct with this statement ? For such a bandwidth (IMHO), you should consider another option to transport your PTP traffic. I let the other members confirm/complete this. Eventually, to eliminate any other misconfig issues, you may want to run an IPerf test, using both TCP and UDP, just to ensure you basic network conf is OK. I don't know the distance btw your two points, but remember that the RTT has a huge impact on your bandwidth, especially when we are talking about thousands of kilometers. Depending on this A-B distance, you may use the following tool to calculate max bandwith [https://www.switch.ch/fr/network/tools/tcp_throughput/]. Compare this theorical value with IPerf results and check whether both results are close. This will at least ensure your whole path is healthy. Good luck on this, can be challenging ;) Best, -- Erik ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
