From owner-freebsd-questions@FreeBSD.ORG Tue Jan 20 18:42:44 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1E88D16A4CE for ; Tue, 20 Jan 2004 18:42:44 -0800 (PST) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 677D843D3F for ; Tue, 20 Jan 2004 18:42:42 -0800 (PST) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.12.10/8.12.10) with ESMTP id i0L2ehUd084412; Tue, 20 Jan 2004 21:40:43 -0500 (EST) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)i0L2ebpS084409; Tue, 20 Jan 2004 21:40:43 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Tue, 20 Jan 2004 21:40:37 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: Karl Pielorz In-Reply-To: <100014500.1074636444@rainbow> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD tunnels / performance et'al (gif/tun etc.) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2004 02:42:44 -0000 On Tue, 20 Jan 2004, Karl Pielorz wrote: > I've just setup a FreeBSD tunnel (we've tried both gif and tun [via > nos-tun]) now between two fairly large networks of machines... What version of FreeBSD are you using? If using FreeBSD 5.x, you may well want to switch to 4.x for at least one more minor version, as interrupt latency hasn't been optimized in 5.x yet since the move to interrupt threads, and the network stack also runs with Giant in 5.2 out of the box. I wouldn't think this would hurt you as much as seen below, but it's worth keeping in mind. Also, I would generally expect gif, gre, et al, to be faster than tun-based tunneling, as they avoid the trip through userspace, which involves a number of packet copies. Thanks, Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Senior Research Scientist, McAfee Research > We've routed multiple class C networks over the tunnel - only to find the > performance is, basically abysmal :( > > If I do a transfer from the machines 'wan' facing addresses directly, it > works fine [we get about 230Kbytes a sec, on a 2mbit link between the > hosts] - if I do a transfer from machine to machine via the tunnel endpoint > IP's - we get about 140-160Kbytes a second... > > But 'general' traffic going across the link gets really lousy rates, and > seems very 'staccato' (e.g. a few hundred bytes per second to a host). > > We've been careful re. MTU sizes by deploying tcpmssd where needed (e.g. > for gif) > > Has anyone got any experience of routing large networks of traffic via > tunnels under FreeBSD? > > As a comparison a linksys vpn box did the same thing for a single VPN and > got nearly 200k with one host, and degraded 'fairly' with others online > [but unfortunately doesn't have the support for multiple networks over the > VPN etc. that we need]. > > Any help, info, or experience greatly appreciated... > > -Karl > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >