Very slow network speed using Tinc

Guus Sliepen guus at tinc-vpn.org
Tue Oct 22 16:04:31 CEST 2013 

On Tue, Oct 22, 2013 at 01:58:47PM +0200, Florent Bautista wrote:

> >> MACExpire = 30
> >
> > Why did you lower this value?
> 
> Because I use Tinc in a virtualized environment, and sometimes VM moves
> from one host to another. So I reduced it to let Tinc learn more quickly
> the new path.

Tinc should handle MAC addresses moving from one node to another without having
to lower the MACExpire timeout. And if tinc is running inside the VM, then as
far as tinc is concerned, there is no movement of MAC addresses at all.

> >> Cipher = ECDHE-RSA-AES256-SHA384
> >
> > That is an invalid name for an encryption cipher, instead that is a name
> > for a cipher suite. If you want to use AES256 as a cipher use "Cipher =
> > aes-256-cbc".
> 
> Ok. Where can I get the list of all available ciphers ? Because I took it
> from : openssl ciphers -v 'AES+HIGH'

You can get it using this command:

openssl list-cipher-algorithms

> > It might be best to start with the default configuration parameters first. Use
> > only Mode, Name, Address and ConnectTo variables. If that works fine, try
> > adding other configuration statements until the performance drops.
> 
> Ok, so I made some tests :
> 
> 2 empty VM of Proxmox 3.1 (Linux 2.6.32), connected to a 1 Gbit/s switch.

Running tinc inside a VM is generally quite a bit slower than running it outside a VM.

> Without Tinc :
> 
> root at host2:~# iperf -c 192.168.0.71
> - ------------------------------------------------------------
> Client connecting to 192.168.0.71, TCP port 5001
> TCP window size: 23.8 KByte (default)
> - ------------------------------------------------------------
> [  3] local 192.168.0.72 port 40353 connected with 192.168.0.71 port 5001
> [ ID] Interval       Transfer     Bandwidth
> [  3]  0.0-10.0 sec  1.08 GBytes   928 Mbits/sec
> 
> With Tinc :
> 
> root at host2:~# iperf -c 10.111.0.1
> - ------------------------------------------------------------
> Client connecting to 10.111.0.1, TCP port 5001
> TCP window size: 23.2 KByte (default)
> - ------------------------------------------------------------
> [  3] local 10.111.0.2 port 34523 connected with 10.111.0.1 port 5001
> [ ID] Interval       Transfer     Bandwidth
> [  3]  0.0-10.0 sec   104 MBytes  87.2 Mbits/sec
> 
> It's better than on my production servers, but is it normal ?

It depends on how fast the real hardware of ProxMox is of course, but I would
say this is not unreasonable.

> I tested with or without Cipher, with or without Digest, with or without
> Compression, and always the same results... I don't think it is expected :)

If you are expecting gigabit/s speeds, then you have to try tinc 1.1 from git
and use it on processors which have hardware AES instructions.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20131022/6f9b9106/attachment.sig>

More information about the tinc mailing list