Context Navigation

Changes between Version 7 and Version 8 of Gigabit_Networks_Linux

-                      v7
+                      v8
 Now an '''iperf''' result of '''307 Mbps''' is obtained.
+By playing with the '--tun-mtu' size we obtain
+||=  MTU= ||= Blowfish =||= AES256 =||
+||= 1500=|| 158 || 126 ||
+||= 6000=|| 307 || 220 ||
+||= 9000=|| 370 || 249 ||
+||=12000=|| 416 || 252 ||
+||=24000=|| 466 || 259 ||
+||=36000=|| 470 || 244 ||
+||=48000=|| 510 || 247 ||
+||=60000=|| 488 || 221 ||
+By playing with the '--tun-mtu' size we obtain (all speeds in Mbps)
+|| MTU || Blowfish || AES256 ||
+|| 1500|| 158 || 126 ||
+|| 6000|| 307 || 220 ||
+|| 9000|| 370 || 249 ||
+||12000|| 416 || 252 ||
+||24000|| 466 || 259 ||
+||36000|| 470 || 244 ||
+||48000|| 510 || 247 ||
+||60000|| 488 || 221 ||
+For the default Blowfish cipher the optimal value for the 'tun-mtu' paramters for a link between these two servers seems to be '''48000''' bytes.
+By increasing the MTU size of the tun adapter '''and''' by disabling OpenVPN's internal fragmentation routines the throughput can be increased quite dramatically. The reason behind this is that by feeding larger packets to the OpenSSL encryption and decryption routines the performance will go up. The second advantage of not internally fragmenting packets is that this is left to the operating system and to the kernel network device drivers. For a LAN-based setup this can work, but when handling various types of remote users (road warriors, cable modem users, etc) this is not always a possibility.