Re: [Openvpn-devel] OVPN vs IPSec performance as a transport

On 05/01/18 00:52, Tom Kunz wrote: That would explain it if it always worked that way. But I can get 400%+ wire speed from A to B with compressible data, and 102% with incompressible data. If I do the same test from B to A or A to B, I get those results. If I hop off of that to C, speed goes

Re: [Openvpn-devel] OVPN vs IPSec performance as a transport

> -SNIP- > I haven't taken the time to fully understand the tests you've done etc. > [And it does seem you are not some neophyte blindly hacking your way > through this...] > > However, I will tell you that it's *very* common for people to do things > that appear very similarly as you describe, and

Re: [Openvpn-devel] OVPN vs IPSec performance as a transport

-SNIP- I haven't taken the time to fully understand the tests you've done etc. [And it does seem you are not some neophyte blindly hacking your way through this...] However, I will tell you that it's *very* common for people to do things that appear very similarly as you describe, and find the

Re: [Openvpn-devel] OVPN vs IPSec performance as a transport

Hi Samuli, Yes, that was the document that I read before going down this path.  I did a bunch of testing and found the optimum MTU range in my setup is 47500 to 52500, and 5 is probably as close to the peak as necessary. When I have 2 nodes, nothing between them and not routing to elsewhere,

Re: [Openvpn-devel] OVPN vs IPSec performance as a transport

Hi, On 05/01/18 15:06, Simon Matter wrote: > Hi, > >> That would explain it if it always worked that way. >> But I can get 400%+ wire speed from A to B with compressible data, and >> 102% with incompressible data.  If I do the same test from B to A or A >> to B, I get those results.  If I hop off

Re: [Openvpn-devel] OVPN vs IPSec performance as a transport

Hi, > That would explain it if it always worked that way. > But I can get 400%+ wire speed from A to B with compressible data, and > 102% with incompressible data.  If I do the same test from B to A or A > to B, I get those results.  If I hop off of that to C, speed goes from >>1Gbps to sub-200Mbp

Re: [Openvpn-devel] OVPN vs IPSec performance as a transport

This does not answer your question, either, but there are more details on OpenVPN performance optimization here: Increasing the MTU helps as it reduces the number of user<->kernel-space switches. -- Samuli Seppänen Community Ma

Re: [Openvpn-devel] OVPN vs IPSec performance as a transport

That would explain it if it always worked that way. But I can get 400%+ wire speed from A to B with compressible data, and 102% with incompressible data.  If I do the same test from B to A or A to B, I get those results.  If I hop off of that to C, speed goes from >1Gbps to sub-200Mbps.  In either

Re: [Openvpn-devel] OVPN vs IPSec performance as a transport

I'm sure someone else, or a Google search will get you a more detailed run-down - but the gist of the "problem" is this; OpenVPN is run in user-space, not kernel space. IPSec runs in kernel space, and the difference is vastly diminished throughput. HTH -Greg On Jan 4, 2018 3:23 PM, "Tom Kunz"

[Openvpn-devel] OVPN vs IPSec performance as a transport

Hi, I have been testing OVPN 2.4.4 vs StrongSwan IPSec, to be used as transport, and I have found something that I think might be a performance issue.  I have 3 linux boxes, A, B, and C.  All interfaces are 1Gbps.  Each has an interface to the next one downstream: A - eth0=10.10.10.10/24 and eth1