-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/08/14 22:20, Steffan Karger wrote: > Hi Joe, > > On Wed, Aug 6, 2014 at 10:06 PM, Joe Patterson > <j.m.patter...@gmail.com> wrote: >> The only disadvantage I see is that it does prevent a single >> client from being able to be serviced by multiple cores, but if >> I'm not wrong that's going to be a problem whether it's threaded >> or multi-process, unless you're using ecb or ctr ciphers (and I >> don't see any ctr ciphers in my openssl, and wouldn't suggest >> using an ecb one), so I suspect that problem will be endemic. > > For the typical road-warrior scenario (one server, many clients) > you are probably right that a single user won't benefit much from > data-channel threading. However, in a high-capacity site-to-site > link, many concurrent connection by many users are handled by a > single connection instance. In this case threading would enable > processing multiple network packets concurrently. Though that does > not speed up processing of a single packet, it will speed up the > total connection almost linear to the number of cores.
+1 Even though it might look easier to implement a solution similar to Apache's prefork model, I'm not convinced that approach will be easier to implement in OpenVPN's context. Plus, if you start adding more processes than cores, the result will be worse. Yes, splitting up the tasks OpenVPN does over multiple threads/processes is a harder task. But I feel quite confident that's the approach which will scale best. Also due to some work going on in the Linux kernel to make the TUN/TAP driver able to handle multiple rx/tx queues as well. The throughput issue is just as well currently limited to what that driver is able to process, and that's one big bottle neck right now. Especially the TCP checksum calculations [1]. [1] <https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux#a10Gigabitnetworks> So when I propose several threads doing the network rx/tx processing, it is to prepare OpenVPN for the day the TUN/TAP driver fully supports multiples queues, where the kernel pins each queue to a separate CPU cores. - -- kind regards, David Sommerseth -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlPikb4ACgkQDC186MBRfrqM+wCfXW9pYpPNk5CAH3UJNwQbq2/k alcAoKDLzmcbTlcHRR023PM6woQSlo5l =F5Hv -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Infragistics Professional Build stunning WinForms apps today! Reboot your WinForms applications with our WinForms controls. Build a bridge from your legacy apps to the future. http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
