PMTUDiscovery vs ClampMSS
Guus Sliepen
guus at tinc-vpn.org
Sat Dec 18 17:25:13 CET 2010
On Fri, Dec 17, 2010 at 01:17:22AM -0600, Rob Townley wrote:
> An OpenVPN user on the vyatta.org forums had the problems with
> excessively slow connections.
>
> He found that either lowering the MTU to about one-third helped:
> router:~# ifconfig vtun0 mtu 516
Ugh. I cannot recommend setting the MTU so low.
> But also found turning OFF TCP Segmentation Offload (TSO) on the
> server speeded things up just as well. As i understand it, the word
> segment in this context refers to Maximum Segment Size which is broken
> down to ethernet MTU frame size (usually 1500bytes).
Almost correct. MSS is the same as MTU, minus the IP header. TSO means that if
you send lots of data through a TCP connection at once, the hardware will take
care of splitting the data up in MSS sized chuncks, and will generate a header
for all of them.
The problem with these hardware features is that the NIC hardware is often
slower than your CPU.
> So if you have TSO enabled on your NICs but the tun device doesn't support
> TSO, couldn't that create a problem?
That should not be a problem. Segmentation is only done once, on the first
outgoing interface. If the OpenVPN connection was faster with TSO turned off,
then OpenVPN was tunneling over TCP. That is slow in itself.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20101218/69a198b3/attachment.pgp>
More information about the tinc
mailing list