Hi, I've setup a wlan ap using a an alix 2d2 (AMD Geode LX 500 Mhz + AES Offload) and am now trying to encapsulate the wlan traffic into a vpn (tap bridge). Though even when disabling crypto and digest (there is a crypto engine onboard can be setup to handle tinc encryption), the best throughput I get is aroung 2,9 MByte per second (wget+http) (even if the client is run locally). The network card and the source do support up to 11 MByte/s and when using tinc the cpu loads go into the limits, so I guess to just copying memory or calculating way too much. Looking at the source, it looks like there isn't much copying at all, the only place it wasn't clear to me why copying occurs is at the beginning in route_mac when source and destination mac are copying into local variables, though changing that does not gain a lot. Running gprof it reports no time spent but only function calls, which hints that all time is lost in the kernel. Does somebody have any numbers around on what one could expect on a 500 Mhz machine using tinc with/without encryption or on what to try out to improve throughput? Thanks a lot, Michael Braun
If you've turned on compression and set it high, it will have a big impact. You might want to play with the compression settings. High compression uses up more CPU and will be slower. You could try turning compression off, but will probably result in more bandwidth being used. But you might see a performance increase. Mike On 17/03/2010, at 10:36 AM, michael-dev wrote:> Hi, > > I've setup a wlan ap using a an alix 2d2 (AMD Geode LX 500 Mhz + AES > Offload) > and am now trying to encapsulate the wlan traffic into a vpn (tap bridge). > Though even when disabling crypto and digest (there is a crypto engine > onboard > can be setup to handle tinc encryption), the best throughput I get > is aroung 2,9 MByte per second (wget+http) (even if the client is run > locally). > The network card and the source do support up to 11 MByte/s and when using > tinc > the cpu loads go into the limits, so I guess to just copying memory or > calculating way too much. > Looking at the source, it looks like there isn't much copying at all, > the only place it wasn't clear to me why copying occurs is at the > beginning in route_mac > when source and destination mac are copying into local variables, though > changing that does > not gain a lot. Running gprof it reports no time spent but only function > calls, which > hints that all time is lost in the kernel. > > Does somebody have any numbers around on what one could expect on a 500 > Mhz machine > using tinc with/without encryption or on what to try out to improve > throughput? > > Thanks a lot, > Michael Braun > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
Hi Michael, michael-dev wrote, on 17-03-10 01:36:> Does somebody have any numbers around on what one could expect on a > 500 Mhz machine using tinc with/without encryption or on what to > try out to improve throughput?I got a hole bunch of alix systems running with tinc to create a wan. I have no issues with the bandwidth throughput. I do not use the crypto unit since the openssl lib does not (yet) work with the hardware on debian gnu/linux. I use the following settings on the alix systems: Compression = 9 PMTU = 1400 PMTUDiscovery = yes # Cipher = aes-128-cbc I know for sure I can do 50Mbits up en down, and probably it can even go higher but have not tested this yet. Kind regards, Jelle
On Wed, Mar 17, 2010 at 01:36:58AM +0100, michael-dev wrote:> I've setup a wlan ap using a an alix 2d2 (AMD Geode LX 500 Mhz + AES Offload) > [...] the best throughput I get is aroung 2,9 MByte per second (wget+http) > (even if the client is run locally).Hm, Geodes are not very fast, but this does seem a bit low.> Looking at the source, it looks like there isn't much copying at all, the > only place it wasn't clear to me why copying occurs is at the beginning in > route_mac when source and destination mac are copying into local variables, > though changing that does not gain a lot.This is necessary because some architectures impose alignment restrictions that would cause tinc to misbehave or segfault if you cast a random char * pointer to a mac_t *.> Running gprof it reports no time spent but only function calls, which hints > that all time is lost in the kernel.Which function call is the biggest user on your alix? -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20100317/8324d7b0/attachment.pgp>