Date: Fri, 19 Apr 2019 18:40:29 +0200 (CEST) From: Wojciech Puchar <wojtek@puchar.net> To: Jim Thompson <jim@netgate.com> Cc: Wojciech Puchar <wojtek@puchar.net>, Miroslav Lachman <000.fbsd@quip.cz>, Mark Millard via freebsd-hackers <freebsd-hackers@freebsd.org> Subject: Re: openvpn and system overhead Message-ID: <alpine.BSF.2.20.1904191839390.44364@puchar.net> In-Reply-To: <94EA4F3F-4D78-4E08-9AF8-441B957A4749@netgate.com> References: <alpine.BSF.2.20.1904171707030.87502@puchar.net> <8648d069-2172-2c09-8e59-d66a8265a120@quip.cz> <alpine.BSF.2.20.1904171753480.98262@puchar.net> <94EA4F3F-4D78-4E08-9AF8-441B957A4749@netgate.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Using a tun/tap device incurs an additional context switch in each direction, as you’re basically running the program to send data (say, ‘ping’ or ’ssh’), and another program is used to encrypt and encapsulate the packet before it leaves the machine. The process is roughly the same on the other side. So you get twice the copies, and twice the number of context switches. Making things worse, the “IP stack” inside OpenVPN is single-threaded, and processes one packet at a time, so all the overheads accrue to each packet, rather than being amortized across several packets. it would be very good for tun device to have option (switchable by ioctl) so read will receive a bunch of packets up to read size, and write can send a bunch of packets.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.20.1904191839390.44364>