PMTUDiscovery vs ClampMSS
Rob Townley
rob.townley at gmail.com
Sat Dec 18 19:29:55 CET 2010
Liked the simplification of MSS bytes = MTU bytes + IP header bytes.
With TSO turned on in hardware (find out by ethtool -k eth0) then
latency skyrocketed.
On 12/18/10, Guus Sliepen <guus at tinc-vpn.org> wrote:
> On Fri, Dec 17, 2010 at 01:17:22AM -0600, Rob Townley wrote:
>
>> An OpenVPN user on the vyatta.org forums had the problems with
>> excessively slow connections.
>>
>> He found that either lowering the MTU to about one-third helped:
>> router:~# ifconfig vtun0 mtu 516
>
> Ugh. I cannot recommend setting the MTU so low.
>
>> But also found turning OFF TCP Segmentation Offload (TSO) on the
>> server speeded things up just as well. As i understand it, the word
>> segment in this context refers to Maximum Segment Size which is broken
>> down to ethernet MTU frame size (usually 1500bytes).
>
> Almost correct. MSS is the same as MTU, minus the IP header. TSO means that
> if
> you send lots of data through a TCP connection at once, the hardware will
> take
> care of splitting the data up in MSS sized chuncks, and will generate a
> header
> for all of them.
>
> The problem with these hardware features is that the NIC hardware is often
> slower than your CPU.
>
>> So if you have TSO enabled on your NICs but the tun device doesn't support
>> TSO, couldn't that create a problem?
>
> That should not be a problem. Segmentation is only done once, on the first
> outgoing interface. If the OpenVPN connection was faster with TSO turned
> off,
> then OpenVPN was tunneling over TCP. That is slow in itself.
>
> --
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>
>
More information about the tinc
mailing list