Tinc CPU usage

Fri Oct 28 20:59:47 CEST 2011

On 27/10/2011, at 1:09 PM, Guus Sliepen wrote:

> On Thu, Oct 27, 2011 at 10:34:21AM +1300, Karl von Randow wrote:
> 
>> Hi, I'm using Tinc v1.0.11 on Ubuntu 10.04 and seeing high CPU usage
>> (up to 30%) on what I wouldn't consider high traffic levels.
> 
> It all depends on how much traffic and what kind of CPU you have. Can you give
> some numbers?

I'm measuring it off my munin graphs and it appears to be about 15-20Mbps on average over the period I noticed about 30% CPU usage.

It's running on a Rackspace Cloud server so I'm not really sure about the CPU... quad core AMD Opteron, each with 4400 bogomips. The MHz figure is a bit odd at 1814865.106. The servers are running database instances and application server instances quite capably without high CPU utilisation so I believe the CPU is well powered.

Running a flood ping across the tinc tunnel results in 20% CPU usage for tinc.

> 
>> I'm running the tinc daemons in switch mode, to support the
>> multicast. I have tried settings:
>> 
>> TunnelServer = no
>> Forwarding = off
>> DirectOnly = yes
>> 
>> To see whether that has an effect on CPU usage; which I haven't
>> confirmed yet.
> 
> These should have no effect on CPU usage. You should normally leave these
> settings to their defaults. Also, Forwarding and DirectOnly are not doing
> anything in tinc 1.0.11.

Heh, I did get some results that suggested they didn't. All my servers have config for each other and appear to be able to talk to each other. I want to setup the network so that each server can talk to each other server (ie. no single points of failure), as they're all on the same subnet.

On Rackspace Cloud the internal network interface isn't private so tinc is really useful to secure that internal net. I also need it to do multicast (for Tomcat session replication) so I have it in switch mode. Just in case there's a better approach / configuration I should know about.

> 
>> 1.0.11 is the latest package of Tinc I can find for Ubuntu 10.04; is
>> it worth me trying to build or find a package for 1.0.16? I read the
>> changes and it didn't appear that there were performance
>> improvements for my case.
> 
> There are indeed no improvements for CPU usage, but there are a number of other
> improvements and bug fixes in later versions, so it might be a good idea to
> upgrade.
> 
>> Any other tips for performance tuning Tinc?
> 
> Most of the CPU time is consumed by encryption and authentication of all
> packets. You can try changing the algorithms used with the Cipher and Digest
> options. If you are sure you don't need encryption or authentication, you can
> set those to "none". But I would recommend not changing these settings at all.
> 

I will attempt to install another package and see if I can get it to work and report back. If any friendly Ubuntu packagers are listening I would love to ask for some tips or directions.

I haven't changed the auth or crypto settings, so I'm all the defaults. I do need crypto on the wire, as above my internal network isn't private, but another codec or setting to try would be interesting.

Best regards,
Karl