From: Mike Tancsa
Organization: Sentex Communications
Date: Wed, 18 Mar 2015 18:28:41 -0400
To: John-Mark Gurney
Cc: FreeBSD-STABLE Mailing List
Subject: Re: 35-40% performance drop releng9 vs releng10 openvpn

On 3/18/2015 5:14 PM, John-Mark Gurney wrote:
>
> So, I would first identify the machine w/ the cpu limited load.. I
> assume that is apu...

Yup, the APU. The machines on either side are significantly faster.

> Then I would look at where most of the cpu time
> is being spent, be it openvpn itself, or in the kernel... Most likely
> it is the kernel, so getting stacks from the kernel would be more useful
> than the one you generated... Use the command:
> # dtrace -x stackframes=100 -n 'profile-997 /arg0/ { @[stack()] = count(); } tick-60s { exit(0); }' -o out.kern_stacks
>
> Also, another thing you can do is to compare the two using differential
> flame graphs:
> http://www.brendangregg.com/blog/2014-11-09/differential-flame-graphs.html
>
> Which will highlight where the performances differ...
>

Will do, I will work on those.

> As I've never used OpenVPN before and their docs don't go into saying
> what it's using.. Is OpenVPN a kernel or userland VPN? Do they use
> IPSec in the kernel? or are they just using UDP or TCP for their
> connections?

All in userland. I use UDP for the transport, and it uses OpenSSL in the
base for the crypto. In this case, AES-128-CBC. There is no hardware
assist on the APU either to offload the AES.

	---Mike

--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/