Changes between Version 5 and Version 6 of Gigabit_Networks_Linux


Timestamp:
05/02/11 11:57:08 (8 years ago)
Author:
JJK
Comment:

--

  • Gigabit_Networks_Linux

    v5 v6  
    11= Optimizing performance on gigabit networks =
    2 
    32It is easily possible to saturate a 100 Mbps network using an OpenVPN tunnel. The throughput of the tunnel will be very close to the throughput of regular network interface. On gigabit networks and faster this is not so easy to achieve. This page explains how to increase the throughput of a VPN tunnel to near-linespeed for a 1 Gbps network. Some initial investigations using a 10 Gbps network are also explained.
    43
    54== Network setup ==
    6 
    75For this setup several machines were used, all connected to gigabit switches:
    86 * two servers running CentOS 5.5 64bit, with an Intel E5440 CPU running @ 2.83GHz; the L2 cache size is 6 MB.
     
    1311
    1412== Understanding the flow of packets ==
    15 
    1613It is important to understand how packets flow from the 'iperf' client via the OpenVPN tunnel to the 'iperf' server. The following diagram helps to clarify the flow:
    1714
     
    2219The resulting packet is then fragmented into pieces according to the '--fragment' and --mssfix' options. Afterwards, the encrypted packet is sent out over the regular network to the OpenVPN server. On the server, the process is reversed. First, the packet is reassembled, then decrypted and finally sent out the 'tun0' interface.
    2320
     21== Standard setup ==
     22The default OpenVPN for CentOS 5 currently is 2.1.4; the system OpenSSL version is 0.9.7e.
     23
     24Using a very plain shared secret key setup for both server (listener)
     25{{{
     26  openvpn --dev tun --proto udp --port 11000 --secret secret.key --ifconfig 192.168.222.11 192.168.222.10
     27}}}
     28and client
     29{{{
     30  openvpn --dev tun --proto udp --port 11000 --secret secret.key --ifconfig 192.168.222.10 192.168.222.11 --remote server
     31}}}
     32an '''iperf''' result of '''156 Mbps''' is obtained.
     33
     34By switching to the cipher '''aes-256-cbc''' the performance drops even further to '''126 Mbps'''. These results were obtained on the two E5440 based servers.
     35
     36
     37
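Review bot: The throughput figures on added lines 32 and 34 (156 Mbps and 126 Mbps) cannot be reproduced or compared as written, because the new section names neither the cipher in effect for the 156 Mbps run nor the iperf command that produced it. Neither openvpn command passes a --cipher option, so the baseline depends on whatever the 2.1.4 build defaults to; state that cipher next to the result so that "drops even further" with aes-256-cbc has an explicit reference point, and add the iperf invocation. It would also help to say that the --secret static-key setup was chosen to keep the benchmark simple, since static-key mode provides no forward secrecy and readers may copy these two commands as a deployment template.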