On Mon, 4 May 2020 18:45:19 +0200 (CEST)
Sven-Haegar Koch <haegar at sdinet.de> wrote:> On Mon, 4 May 2020, Pallinger Péter wrote:
>
> > ------- TL;DR -------
> >
> > Performance seems slow (around 300-400Mbit peak).
> > How to improve?
>
> Not sure if that could be the case for you, my links are not that
> fast:
>
> Make sure to disable compression, that is a known CPU hog.
Compression was disabled. I've successfully slowed down my connection by
enabling compression (at least I know the configuration option is
used :) ) . I managed to get speeds of up to ~500Mb by using the
configuration below. Sometimes. It varies between 350 and 500 Mb.
Cipher = aes-128-cbc
Digest = none
# these did not really have any significant impact
#ClampMSS = no|yes
#Compression = 0
I don't want to use insecure cipher and no digest in production (I
cannot even set cipher=none, as tinc segfaults), but this shows that
the digest slows things down somewhat, but not that significantly.
I am using tinc version 1.0.31, from debian 9 (for this test).
The main test servers are bare metal and connected by a gigabit
switch in the same rack. One of the servers has 10Gb links too, and I
tried to connect to a remote VM with 10Gb link, to which the top HTTP
speed was ~3Gb.
My main gripe is that scp can transfer at about 200MB/s on the network,
and 300 and 450MB/s locally, so encryption should not really be a
problem and tinc should be able to saturate a gigabit link easily.
I read more of the mailing list, and found a suggestion that tinc 1.1
should be significantly faster. How stable is the 1.1 branch? Is is
feasible to use it in production?
Any further suggestions are welcome!
Thanks in advance:
PP