Date: Tue, 20 Jan 2004 21:40:37 -0500 (EST) From: Robert Watson <rwatson@freebsd.org> To: Karl Pielorz <kpielorz@tdx.co.uk> Cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD tunnels / performance et'al (gif/tun etc.) Message-ID: <Pine.NEB.3.96L.1040120213749.53972I-100000@fledge.watson.org> In-Reply-To: <100014500.1074636444@rainbow>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 20 Jan 2004, Karl Pielorz wrote: > I've just setup a FreeBSD tunnel (we've tried both gif and tun [via > nos-tun]) now between two fairly large networks of machines... What version of FreeBSD are you using? If using FreeBSD 5.x, you may well want to switch to 4.x for at least one more minor version, as interrupt latency hasn't been optimized in 5.x yet since the move to interrupt threads, and the network stack also runs with Giant in 5.2 out of the box. I wouldn't think this would hurt you as much as seen below, but it's worth keeping in mind. Also, I would generally expect gif, gre, et al, to be faster than tun-based tunneling, as they avoid the trip through userspace, which involves a number of packet copies. Thanks, Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Senior Research Scientist, McAfee Research > We've routed multiple class C networks over the tunnel - only to find the > performance is, basically abysmal :( > > If I do a transfer from the machines 'wan' facing addresses directly, it > works fine [we get about 230Kbytes a sec, on a 2mbit link between the > hosts] - if I do a transfer from machine to machine via the tunnel endpoint > IP's - we get about 140-160Kbytes a second... > > But 'general' traffic going across the link gets really lousy rates, and > seems very 'staccato' (e.g. a few hundred bytes per second to a host). > > We've been careful re. MTU sizes by deploying tcpmssd where needed (e.g. > for gif) > > Has anyone got any experience of routing large networks of traffic via > tunnels under FreeBSD? > > As a comparison a linksys vpn box did the same thing for a single VPN and > got nearly 200k with one host, and degraded 'fairly' with others online > [but unfortunately doesn't have the support for multiple networks over the > VPN etc. that we need]. > > Any help, info, or experience greatly appreciated... > > -Karl > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1040120213749.53972I-100000>