Changes between Version 3 and Version 4 of Gigabit_Networks_Linux


Timestamp:
05/02/11 11:03:43 (13 years ago)
Author:
JJK
Comment:

--

  • Gigabit_Networks_Linux

    v3 v4  
    33It is easily possible to saturate a 100 Mbps network using an OpenVPN tunnel. The throughput of the tunnel will be very close to the throughput of regular network interface. On gigabit networks and faster this is not so easy to achieve. This page explains how to increase the throughput of a VPN tunnel to near-linespeed for a 1 Gbps network. Some initial investigations using a 10 Gbps network are also explained.
    44
    5 = Network setup =
     5== Network setup ==
    66
    77For this setup several machines were used, all connected to gigabit switches:
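
Review bot: the heading at line 5 drops from level 1 to level 2 ("== Network setup =="), and nothing visible in this diff adds a level-1 heading above it, so the page would open at level 2. Confirm that this is intended (for example, that the page title serves as the top level) and that the remaining headings on the page are demoted the same way. While touching this area, the unchanged intro at line 3 reads "the throughput of regular network interface", which is missing an article ("a regular network interface").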
     
    1212Before starting, the "raw" network speed was measured using 'iperf'. As expected, '''iperf''' reported consistent numbers around '''940 Mbps''', which is (almost) optimal for a gigabit LAN. The MTU size on all switches in the gigabit LAN was set to 1500.
    1313
    14 = Understanding the flow of packets
     14== Understanding the flow of packets ==
    1515
    1616It is important to understand how packets flow from the 'iperf' client via the OpenVPN tunnel to the 'iperf' server. The following diagram helps to clarify the flow:
    1717
    1818[[Image(OpenVPN-packetflow.png, 800px)]]
     19
     20when an 'iperf' packet is sent to the VPN server IP address, the packet enters the kernel's 'tun0' device. The packet is then forwarded to the userspace OpenVPN process, where the headers are stripped. The packet is then encrypted and signed using OpenSSL calls. The resulting packet is then fragmented into pieces according to the '--fragment' and --mssfix' options. Afterwards, the encrypted packet is sent out over the regular network to the OpenVPN server. On the server, the process is reversed. First, the packet is reassembled, then decrypted and finally sent out the 'tun0' interface.
     21
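
Review bot: the new paragraph at line 20 says the client encrypts and signs the packet, but the server-side description lists only reassembly, decryption and output to 'tun0', so the signature check is missing from the reverse path. Since the text claims "the process is reversed", state where the signature is verified relative to decryption. Two style points in the same line: the sentence starts with a lowercase "when", and the quoting around the options is unbalanced ("'--fragment' and --mssfix'" lacks the opening quote before --mssfix). The heading fix at line 14, which closes the previously unterminated "=", looks correct.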