psycroptic 11-10-2013 01:44 AM

openvpn - unable to max out tc rate limit, CPU not pegged (~10% at most)
 
I have an Intel Core i3-2120 3.3GHz openvpn server and a Win7 Core i7-2630QM 2GHz laptop as a client. Testing for this purpose was done using ethernet directly from the server to the laptop. Both have gigabit NICs, and iperf can get the full ~948mbit transfer from both. VPN subnet is 10.11.12.0/24, machine IPs are in x.x.x.8/29.

Iperf over the VPN gives the following:

Code:

------------------------------------------------------------
Client connecting to 10.11.12.6, TCP port 5001
TCP window size: 21.8 KByte (default)
------------------------------------------------------------
[  3] local 10.11.12.1 port 48177 connected with 10.11.12.6 port 5001
[ ID] Interval      Transfer    Bandwidth
[  3]  0.0-10.0 sec  165 MBytes  138 Mbits/sec

Not bad.

Now I try limiting the upload from the server w/htb, setting the default class as :11 (prio 2) while classifying port 1194 as :10 (prio 1). "external" is the interface name:

Code:

tc qdisc add dev external root handle 1: htb default 11
tc class add dev external parent 1: classid 1:1 htb rate 23.7mbit ceil 23.7mbit burst 8k
tc class add dev external parent 1:1 classid 1:10 htb rate 15.7mbit ceil 23.7mbit prio 1 burst 8k
tc class add dev external parent 1:1 classid 1:11 htb rate 6mbit ceil 23.7mbit prio 2 burst 8k
tc class add dev external parent 1:1 classid 1:12 htb rate 1mbit ceil 23.7mbit prio 3 burst 8k
tc class add dev external parent 1:1 classid 1:13 htb rate 1mbit ceil 5mbit prio 4 burst 8k

tc filter add dev external protocol ip parent 1: prio 1 u32 match ip sport 1194 0xffff flowid 1:10

This works mostly as expected, with normal non-VPN'd traffic reaching the 23.2mbps ceil:

Code:

------------------------------------------------------------
Client connecting to x.x.x.11, TCP port 5001
TCP window size: 22.9 KByte (default)
------------------------------------------------------------
[  3] local x.x.x.10 port 39034 connected with x.x.x.11 port 5001
[ ID] Interval      Transfer    Bandwidth
[  3]  0.0-10.1 sec  27.9 MBytes  23.2 Mbits/sec

But openvpn never makes it to 23, and has a loss of 1.6mbps compared to everything else:

Code:

------------------------------------------------------------
Client connecting to 10.11.12.6, TCP port 5001
TCP window size:  416 KByte
------------------------------------------------------------
[  3] local 10.11.12.1 port 48173 connected with 10.11.12.6 port 5001
[ ID] Interval      Transfer    Bandwidth
[  3]  0.0-10.1 sec  26.0 MBytes  21.6 Mbits/sec

This happens very consistently, no matter what I set the htb rate. Openvpn always takes a hit of ~5-10%. CPU usage never rises above 10% on either machine.

So why, if openvpn can maximally run at ~138mbps, is it unable to manage ~23 under my tc rules?

server conf:
Code:

port 1194
proto udp
dev tun
passtos

ca /etc/openvpn/ca.crt
cert /etc/openvpn/x.crt
key /etc/openvpn/x.key
dh /etc/openvpn/dh2048.pem

server 10.11.12.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 30 150

push "route 172.16.0.0 255.255.0.0"
push "route 10.172.172.0 255.255.255.0"
push "route 192.168.192.0 255.255.255.0"
push "route 10.100.100.0 255.255.255.0"
push "route 10.200.200.0 255.255.255.0"

client-to-client
tls-auth /etc/openvpn/ta.key 0
cipher AES-256-CBC

user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log

verb 4
reneg-sec 10800
mute-replay-warnings

thanks

JJJCR 11-10-2013 07:36 AM

check out this link:
http://openvpn.net/index.php/access-...art-guide.html

psycroptic 11-10-2013 07:45 AM

Not really sure how that's helpful at all... I'm not using the commercial service, I'm running my own binary provided with my distribution on a local server, and that link is just the landing page for setup of said service. Appears to have nothing to do with my question, specifically about speeds not matching defined tc rates...?

