-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ovpn_dco_v2 significantly slower #31
Comments
@bernhardschmidt thanks for sharing. |
There are UDP and TCP processes, but the test client connected over UDP. |
Oh. This is interesting. Technically there was no change on the UDP fast path between dco and dco-v2 (while there were for TCP). I will run some extra tests on my side. Maybe after your vacation you can try to reproduce it with the test rig, to have comparable results. Thanks so far! |
Hi @bernhardschmidt ! I was wondering if you had any chance to run some extra test to shed some lights on your previously reported results. |
I'm observing something similar. Test setup:
OpenVPN configuration:
OpenVPN userspace2 GBit/s.
100% CPU load of both server and client processes. OpenVPN-dco
Only 1 Gbit/s.
No significant CPU load during the test. There's a lock somewhere. Configuration files (spolier)
|
TCP connection without DCO shows 1.5 Gbit/s, with DCO — 742 mbit/s. |
DCO module doesn't support TCP MSS value modification (mssfix)? The packets are sent with 1460 MSS. Executing OpenVPN DCO @ UDP, advmss 1400
|
correct, mssfix is currently not supported. Have you tried the same test after directly lowering the MTU of the DCO interface? |
Hi, I had the same issue. I have run a few tests. These were done with Debian bookworm using openvpn-dco-dkms 0.0+git20231103-1 and openvpn 2.6.3-1+deb12u2. I never had DCO V1, so I can't comment on that.
basically the connection is at about 100% bandwith when DCO is used with a Maybe put a note in the documentation that you have to set a lower |
you're right about the MTU, but this has always been the case since the beginning of DCO, hence not strictly related to this issue. The issue lies in the mssfix directive not being supported by DCO. It will most likely be implemented in the near future. |
good news :-) |
Upgrading our eduVPN node to OpenVPN 2.6.2 with ovpn_dco_v2 leads to significantly lower throughput than running without DCO or with DCOv1. Unfortunately I cannot get the test rig used for the first test running today and I'm going on vacation, but it is reproducible.
Speeds are downloads from the VPN client, so sending into the tunnel.
All with the same VM:
2.6.1 + DCOv1: 1,23 Gbit/s
2.6.1 without DCO: 374 Mbit/s
From another client (!), thus not comparable with the numbers above:
2.6.2 + DCOv2: 84 Mbit/s
2.6.2 without DCO: 450 Mbit/s
The text was updated successfully, but these errors were encountered: