<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>I will test this ASAP, but can you elaborate as to why this would happen? If there is no payload traffic in the VPN, there should be no reason to query for IP addresses. And if tinc switches do query for addresses without cause, why would they query for each possible address individually? When an entire subnet is assigned to one node, shouldn't that suffice? Even if two nodes had the same subnet assigned to them, a switch should simply multicast to both peers to find the target of a connection. Am I missing something important? <div> <div name="quote" style="margin:10px 5px 5px 10px; padding: 10px 0 10px 10px; border-left:2px solid #C3D9E5; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"> <div style="margin:0 0 10px 0;"><b>Sent:</b> Thursday, 02 May 2019 at 20:38<br/> <b>From:</b> "Absolute Truth" &lt;requiredtruth@gmail.com&gt;<br/> <b>To:</b> tinc@tinc-vpn.org<br/> <b>Subject:</b> Re: Re: very high traffic without any load</div> <div name="quoted-content"> <div>I suspect your /64. Try giving a single address to two separate machines, so one single address for each: /32. Then check your traffic. Tinc is a mesh network. If you give it millions of addresses, then it's probably checking each one.</div> <div class="gmail_quote"> <div class="gmail_attr">On Thu, May 2, 2019, 2:06 PM Christopher Klinge &lt;<a href="mailto:Christ.Klinge@web.de" onclick="parent.window.location.href='mailto:Christ.Klinge@web.de'; return false;" target="_blank">Christ.Klinge@web.de</a>&gt; wrote:</div> <blockquote class="gmail_quote" style="margin: 0 0 0 0.8ex;border-left: 1.0px rgb(204,204,204) solid;padding-left: 1.0ex;"> <div> <div style="font-family: Verdana;font-size: 12.0px;"> <div> <div>Good evening,</div> <div> </div> <div>all of my servers were set up fresh with no other applications running besides tinc and my ssh sessions. 
I just double checked and those are the only two processes on my machines that have active sockets. Additionally, the SSH sessions do not go through the VPN, but are set up directly to the machines. Does tinc provide a way for differentiating between meta and payload traffic?</div> <div> <div> </div> <div>Kind regards and thanks for your time,</div> <div>Christopher</div> <div> </div> <div style="margin: 10.0px 5.0px 5.0px 10.0px;padding: 10.0px 0 10.0px 10.0px;border-left: 2.0px solid rgb(195,217,229);"> <div style="margin: 0 0 10.0px 0;"><b>Sent:</b> Wednesday, 01 May 2019 at 23:29<br/> <b>From:</b> "Lars Kruse" &lt;<a href="mailto:lists@sumpfralle.de" onclick="parent.window.location.href='mailto:lists@sumpfralle.de'; return false;" target="_blank">lists@sumpfralle.de</a>&gt;<br/> <b>To:</b> <a href="mailto:tinc@tinc-vpn.org" onclick="parent.window.location.href='mailto:tinc@tinc-vpn.org'; return false;" target="_blank">tinc@tinc-vpn.org</a><br/> <b>Subject:</b> Re: very high traffic without any load</div> <div>Hello Christopher,<br/> <br/> <br/> On Wed, 1 May 2019 12:37:33 +0200,<br/> "Christopher Klinge" &lt;<a href="mailto:Christ.Klinge@web.de" onclick="parent.window.location.href='mailto:Christ.Klinge@web.de'; return false;" target="_blank">Christ.Klinge@web.de</a>&gt; wrote:<br/> <br/>&gt; There is however a large amount of management traffic which I assume should<br/> &gt; not be the case.<br/><br/> indeed - I never noticed an unreasonable amount of tinc management traffic<br/> with any of my setups.<br/> <br/> How exactly did you verify that tinc meta traffic is really the culprit?<br/> Did you compare the traffic over your uplink interface with the traffic<br/> over the tinc interface?<br/> Maybe there is just a huge amount of payload traffic exchanged between the<br/> nodes over the tinc VPN?<br/> Since you are using "switch" mode, this could even be broadcast traffic.<br/> <br/> Cheers,<br/> Lars<br/> _______________________________________________<br/> 
tinc mailing list<br/> <a href="mailto:tinc@tinc-vpn.org" onclick="parent.window.location.href='mailto:tinc@tinc-vpn.org'; return false;" target="_blank">tinc@tinc-vpn.org</a><br/> <a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" target="_blank">https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a></div> </div> </div> </div> </div> </div> </blockquote> </div> </div> </div> </div> </div></div></body></html>
You could always run a wireshark on the line and watch the traffic directly.

On Thu, May 2, 2019, 3:48 PM Christopher Klinge <Christ.Klinge at web.de> wrote:

> I will test this ASAP, but can you elaborate as to why this would happen?
> If there is no payload traffic in the VPN, there should be no reason to
> query for IP addresses. And if tinc switches do query for addresses without
> cause, why would they query for each possible address individually? When an
> entire subnet is assigned to one node, shouldn't that suffice? Even if two
> nodes had the same subnet assigned to them, a switch should simply
> multicast to both peers to find the target of a connection. Am I missing
> something important?
>
> *Sent:* Thursday, 02 May 2019 at 20:38
> *From:* "Absolute Truth" <requiredtruth at gmail.com>
> *To:* tinc at tinc-vpn.org
> *Subject:* Re: Re: very high traffic without any load
> I suspect your /64. Try giving a single address to two separate machines,
> so one single address for each: /32. Then check your traffic. Tinc is a
> mesh network. If you give it millions of addresses, then it's probably
> checking each one.
>
> On Thu, May 2, 2019, 2:06 PM Christopher Klinge <Christ.Klinge at web.de>
> wrote:
>
>> Good evening,
>>
>> all of my servers were set up fresh with no other applications running
>> besides tinc and my ssh sessions. I just double checked and those are the
>> only two processes on my machines that have active sockets. Additionally,
>> the SSH sessions do not go through the VPN, but are set up directly to the
>> machines. Does tinc provide a way for differentiating between meta
>> and payload traffic?
>>
>> Kind regards and thanks for your time,
>> Christopher
>>
>> *Sent:* Wednesday, 01 May 2019 at 23:29
>> *From:* "Lars Kruse" <lists at sumpfralle.de>
>> *To:* tinc at tinc-vpn.org
>> *Subject:* Re: very high traffic without any load
>> Hello Christopher,
>>
>> On Wed, 1 May 2019 12:37:33 +0200,
>> "Christopher Klinge" <Christ.Klinge at web.de> wrote:
>>
>> > There is however a large amount of management traffic which I assume should
>> > not be the case.
>>
>> indeed - I never noticed an unreasonable amount of tinc management traffic
>> with any of my setups.
>>
>> How exactly did you verify that tinc meta traffic is really the culprit?
>> Did you compare the traffic over your uplink interface with the traffic
>> over the tinc interface?
>> Maybe there is just a huge amount of payload traffic exchanged between the
>> nodes over the tinc VPN?
>> Since you are using "switch" mode, this could even be broadcast traffic.
>>
>> Cheers,
>> Lars

Are you sure that traffic isn't loopback to itself? I'm not 100% sure but I've seen something like this before where it seems a ton of traffic was going over a nic but it was localhost or loopback so it was communication to itself that was causing high numbers.

On Thu, May 2, 2019, 3:51 PM Absolute Truth <requiredtruth at gmail.com> wrote:

> You could always run a wireshark on the line and watch the traffic
> directly.
>
> On Thu, May 2, 2019, 3:48 PM Christopher Klinge <Christ.Klinge at web.de>
> wrote:
>
>> I will test this ASAP, but can you elaborate as to why this would happen?
>> If there is no payload traffic in the VPN, there should be no reason to
>> query for IP addresses. And if tinc switches do query for addresses without
>> cause, why would they query for each possible address individually? When an
>> entire subnet is assigned to one node, shouldn't that suffice? Even if two
>> nodes had the same subnet assigned to them, a switch should simply
>> multicast to both peers to find the target of a connection. Am I missing
>> something important?
>>
>> *Sent:* Thursday, 02 May 2019 at 20:38
>> *From:* "Absolute Truth" <requiredtruth at gmail.com>
>> *To:* tinc at tinc-vpn.org
>> *Subject:* Re: Re: very high traffic without any load
>> I suspect your /64. Try giving a single address to two separate machines,
>> so one single address for each: /32. Then check your traffic. Tinc is a
>> mesh network. If you give it millions of addresses, then it's probably
>> checking each one.
>>
>> On Thu, May 2, 2019, 2:06 PM Christopher Klinge <Christ.Klinge at web.de>
>> wrote:
>>
>>> Good evening,
>>>
>>> all of my servers were set up fresh with no other applications running
>>> besides tinc and my ssh sessions. I just double checked and those are the
>>> only two processes on my machines that have active sockets. Additionally,
>>> the SSH sessions do not go through the VPN, but are set up directly to the
>>> machines. Does tinc provide a way for differentiating between meta
>>> and payload traffic?
>>>
>>> Kind regards and thanks for your time,
>>> Christopher
>>>
>>> *Sent:* Wednesday, 01 May 2019 at 23:29
>>> *From:* "Lars Kruse" <lists at sumpfralle.de>
>>> *To:* tinc at tinc-vpn.org
>>> *Subject:* Re: very high traffic without any load
>>> Hello Christopher,
>>>
>>> On Wed, 1 May 2019 12:37:33 +0200,
>>> "Christopher Klinge" <Christ.Klinge at web.de> wrote:
>>>
>>> > There is however a large amount of management traffic which I assume should
>>> > not be the case.
>>>
>>> indeed - I never noticed an unreasonable amount of tinc management traffic
>>> with any of my setups.
>>>
>>> How exactly did you verify that tinc meta traffic is really the culprit?
>>> Did you compare the traffic over your uplink interface with the traffic
>>> over the tinc interface?
>>> Maybe there is just a huge amount of payload traffic exchanged between the
>>> nodes over the tinc VPN?
>>> Since you are using "switch" mode, this could even be broadcast traffic.
>>>
>>> Cheers,
>>> Lars

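
The comparison Lars asks about in this thread (traffic on the uplink interface versus traffic on the tinc interface), as an added Python example that is not part of any message here. The interface names eth0 and vpn0, the function names and the sample counter values are assumptions constructed for illustration.

```python
# Added example: uplink vs. tinc-interface byte counters from /proc/net/dev.
# "eth0" (uplink) and "vpn0" (tinc interface) are assumed names.

def parse_proc_net_dev(text):
    """Return {iface: (rx_bytes, tx_bytes)} from /proc/net/dev content."""
    counters = {}
    for line in text.splitlines():
        if ":" not in line:              # the two header lines have no "iface:"
            continue
        name, fields = line.split(":", 1)
        cols = fields.split()
        if len(cols) < 16 or not cols[0].isdigit():
            continue                     # not a counter row
        counters[name.strip()] = (int(cols[0]), int(cols[8]))
    return counters

def residual_rate(before, after, seconds, uplink="eth0", vpn="vpn0"):
    """Bytes/s seen on the uplink beyond what the VPN interface carried.

    The residual holds tunnel encapsulation overhead, tinc meta traffic and
    any non-VPN traffic (such as direct SSH), so it bounds meta traffic from
    above rather than measuring it (assumes tinc compression is off).
    """
    a, b = parse_proc_net_dev(before), parse_proc_net_dev(after)
    deltas = {}
    for iface in (uplink, vpn):
        if iface not in a or iface not in b:
            raise KeyError(f"interface {iface!r} missing from a snapshot")
        # Sum rx + tx so the tap/tun direction mapping does not matter.
        d = sum(b[iface]) - sum(a[iface])
        if d < 0:                        # counters reset (reboot, interface re-created)
            raise ValueError(f"counter reset on {iface}")
        deltas[iface] = d
    return {"uplink_Bps": deltas[uplink] / seconds,
            "vpn_Bps": deltas[vpn] / seconds,
            "residual_Bps": (deltas[uplink] - deltas[vpn]) / seconds}

def _row(name, rx, tx):
    # Constructed sample row in /proc/net/dev layout (8 rx + 8 tx columns).
    return f"{name:>6}: {rx} 0 0 0 0 0 0 0 {tx} 0 0 0 0 0 0 0\n"

# Constructed snapshots taken 10 s apart; on a live host read /proc/net/dev twice.
HEADER = "Inter-|   Receive  |  Transmit\n face |bytes ... |bytes ...\n"
T0 = HEADER + _row("eth0", 1_000_000, 2_000_000) + _row("vpn0", 50_000, 60_000)
T1 = HEADER + _row("eth0", 1_600_000, 2_900_000) + _row("vpn0", 50_400, 60_600)

if __name__ == "__main__":
    print(residual_rate(T0, T1, seconds=10))
```

A large residual with a near-idle VPN interface points at traffic outside the tunnel payload; a packet capture on the uplink is then the way to see what that traffic is.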