Bright Zhao
2017-Sep-11 02:58 UTC
Will couple of packets drop when in-frequent traffic go through tinc?
An very interesting test did yesterday that, LAN1 and LAN2 setup an tinc VPN which is quite simple(the physical link between tinc nodes are quite stable/fast), and no any application traffic to go through the tinc. Later, I setup smokeping which LAN1 initial 20 ping to LAN2 on a per-minute basis, but as you saw from the below picture, it had packet drop. But if I perform a constantly ping from LAN1 and LAN2, then the smokeping output show the packet drop no longer happens. From this observation, it seems the tinc VPN connection will have some sort of idle connection and will be pause, and constantly traffic will make the connection active? https://ibb.co/jrkF4F <https://ibb.co/jrkF4F> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170911/291482d6/attachment.html>
Guus Sliepen
2017-Sep-13 15:20 UTC
Will couple of packets drop when in-frequent traffic go through tinc?
On Mon, Sep 11, 2017 at 10:58:09AM +0800, Bright Zhao wrote:> An very interesting test did yesterday that, LAN1 and LAN2 setup an tinc VPN which is quite simple(the physical link between tinc nodes are quite stable/fast), and no any application traffic to go through the tinc. > > Later, I setup smokeping which LAN1 initial 20 ping to LAN2 on a per-minute basis, but as you saw from the below picture, it had packet drop. But if I perform a constantly ping from LAN1 and LAN2, then the smokeping output show the packet drop no longer happens. > > From this observation, it seems the tinc VPN connection will have some sort of idle connection and will be pause, and constantly traffic will make the connection active?Tinc doesn't keep all UDP connections alive, since in a VPN with many nodes, this would cause a large of the amount of keepalive packets being sent between nodes. If you don't send anything to another node for a while, tinc might pause the UDP connection. However, if you then send something, tinc knows the UDP connection is not alive yet, and while it is reestablishing the UDP connection, it will send your packets via its TCP connections. So in principle, you should not see this kind of packet loss. But, if the UDP connections are alive, and the real network has packet loss, then you will see that on your VPN as well. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170913/c9aa4491/attachment.sig>