<div dir="ltr">Hi Jared,<div>I've seen the same while testing on digital ocean, I think it's the context switching that happens when sending a packet.</div><div>I've done some testing with wireguard and that has a lot better performance but it's still changing quite a lot and only does a subset of what tinc does so probably not a stable solution.</div><div><br></div><div>Martin</div><br><div class="gmail_quote"><div dir="ltr">On Wed, 17 May 2017 at 18:05 Jared Ledvina <<a href="mailto:jared@techsmix.net" target="_blank">jared@techsmix.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
Terribly sorry about the duplicated message.<br>
<br>
I've completed the upgrade to Tinc 1.0.31 but, have not seen much of a<br>
performance increase. The change looks to be similar to switching to<br>
both aes-256-cbc w/ sha256 (which are now the default so, that makes<br>
sense).<br>
Out tinc.conf is reasonably simple:<br>
Name = $hostname_for_node<br>
Device = /dev/net/tun<br>
PingTimeout = 60<br>
ReplayWindow = 625<br>
ConnectTo = $remote_node_name_here<br>
ConnectTo = $remote_node2_name_here<br>
ConnectTo = $remote_node3_name_here<br>
ConnectTo = $remote_node4_name_here<br>
ConnectTo = $remote_node5_name_here<br>
ConnectTo = $remote_node6_name_here<br>
<br>
Sadly, I'm out of ideas on how to improve the performance here. I've<br>
tried to change the following sysctl settings:<br>
net.core.somaxconn='4096'<br>
net.core.rmem_max='16777216'<br>
net.core.wmem_max='16777216'<br>
as was recommended by one of peers. That seems to have actually<br>
decreased the perf across the board by around 2% (but that might just be<br>
due to fluctuations in the network, I'm not entirely sure)<br>
<br>
One of my iperf3 tests is between 2 c3.large AEC2 instances in us-east.<br>
I'm able to get ~556Mb/s over the internet. Going soley over the Tinc<br>
network though, that drops to 158Mb/s. For instances in the same region<br>
(I'm testing in Ireland, Oregon, and Virginia) to instances within that<br>
region, I'm averaging around 26% over the bandwidth being availible over<br>
the tinc network versus over the internet.<br>
<br>
Is that % overhead expected or have we just poorly configured something?<br>
<br>
Totally willing to grab any numbers/stats that might assist here.<br>
<br>
Thanks again,<br>
Jared<br>
<br>
<br>
--<br>
Jared Ledvina<br>
<a href="mailto:jared@techsmix.net" target="_blank">jared@techsmix.net</a><br>
<br>
On Tue, May 16, 2017, at 05:08 PM, Jared Ledvina wrote:<br>
> Hi,<br>
><br>
> We've been running tinc for a while now but, have started hitting a<br>
> bottleneck where the number of packets/sec able to be processed by our<br>
> Tinc nodes is maxing out around 4,000 packets/sec.<br>
><br>
> Right now, we are using the default cipher and digest settings (so,<br>
> blowfish and sha1). I've been testing using aes-256-cbc for the cipher<br>
> and seeing ~5% increases across the board. Each Tinc node does have<br>
> AES-NI.<br>
><br>
> I've also read through/found <a href="https://github.com/gsliepen/tinc/issues/110" rel="noreferrer" target="_blank">https://github.com/gsliepen/tinc/issues/110</a><br>
> which is very interesting.<br>
><br>
> The TInc nodes are all on Centos6 AWS EC2 instances as c3.large's w/<br>
> EIP's. I've been testing with iperf3 and am able to get around 510Mb/s<br>
> on the raw network. Over the tun interface/Tinc network, I'm only able<br>
> to max it out to around 120Mb/s.<br>
><br>
> Anyone have any suggestions on settings or system changes that might be<br>
> able to assist here? I'm also curious if upgrading to 1.0.31 would help<br>
> and plan on testing that tomorrow.<br>
><br>
> Happy to provide any other information that might be useful.<br>
><br>
> Thanks,<br>
> Jared<br>
> _______________________________________________<br>
> tinc mailing list<br>
> <a href="mailto:tinc@tinc-vpn.org" target="_blank">tinc@tinc-vpn.org</a><br>
> <a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br>
_______________________________________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org" target="_blank">tinc@tinc-vpn.org</a><br>
<a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br>
</blockquote></div></div>