Performance issue with TunnelServer mode
Tuomas Silen
tuomas at silen.fi
Wed Dec 28 16:34:59 CET 2016
Hi,
We have a tinc network of about ~200 hosts and in the full mesh
configuration we've had a lot of problems with the edge propagation storms
taking the entire network down. Recently we had a setup with a small number
of "hubs" to which all the other nodes connected to, which limited the
number of meta connections, but that didn't help much with the edge
propagation issues.
Now we moved to using the TunnelServer mode where we define all the
necessary ConnectTos (on one side of the tunnel), which at least solves the
propagation issues.
There are a couple of servers where most of the servers still need to
connect to and with TunnelServer mode we noticed that the throughput on
those servers dropped to less than half of what it used to be (from over
600Mbps to ~250Mbps), probably mainly caused by the tinc's cpu core being
saturated much earlier.
Any ideas why that is? The server in question has about 135 meta
connections and when we reduced that to ~50 or so the throughput started to
increase back to normal. Is the TunnelServer mode somehow very expensive or
is it just the number of meta connections that's the problem?
We're running 1.0.24 as it's the latest in the repos, but we did also test
it with 1.0.30, but it made no difference.
The common settings for every host in tinc.conf (just BindToAddress and
Name are host specific):
AddressFamily = ipv4
Forwarding = internal
DirectOnly = no
Device = /dev/net/tun
MinTimeout = 2
MaxTimeout = 300
PingTimeout = 90
TunnelServer = yes
Broadcast = no
hosts configurations:
Port = 655
Compression = 0
Cipher = aes-128-cbc
IndirectData = no
Thanks!
Tuomas Silen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20161228/fe797deb/attachment.html>
More information about the tinc-devel
mailing list