From: Dave Taht
To: Walter de Donato
Cc: bismark-devel@lists.bufferbloat.net
Date: Mon, 30 May 2011 16:43:35 -0600
Subject: Re: [Bismark-devel] initial openvpn results on capetown

On Mon, May 30, 2011 at 2:02 PM, Walter de Donato wrote:

> I really like all these analyses on scalability and flexibility.

And redundancy, and security, and robustness.

I'm glad to share what I'm working on.

> Anyway, I think we won't need to have many tunnels active at the same
> time.

The current scope of bismark is a goal of 200 devices in the field, as I
understand it.

How do you plan to push out new packages?

> The goal of having these tunnels is to be able to occasionally talk to
> the devices,
> access to their console/web_interface.

SNMP is used heavily by large scale corporate monitoring tools such as
nagios, cacti, etc.

Do you have other goals in mind?

Bismark is leveraging one project of 'uberwrt' and bufferbloat.net. There
are five others at present. There will hopefully be more.

While I do not expect to get a one-size-fits-all solution to the needs of
all the projects, it is worth it to do more than a cursory investigation
on something that may need to be supported (by others) for a decade in the
field.

There is a need for a vpn solution in all the sub-projects (it's my
number #1 request), not just for monitoring boxes currently invisible
behind NAT, but for corporate connectivity, which is what vpns are usually
used for.

I also like the idea of 'home router management as a service', which is
embedded in the 'network-dashboard' idea.

Additionally to the vpn issue, getting port mirroring to work comes from a
request from MIT to be able to leverage their monitoring box, which is an
external box that can run at wire speeds.

It may sit on top of bismark one day to verify results.

> Walter
>
> 2011/5/30 Dave Taht
>
>> On Mon, May 30, 2011 at 8:52 AM, Srikanth Sundaresan wrote:
>>
>>> On May 30, 2011, at 6:58 PM, Dave Taht wrote:
>>>
>>> > After running overnight, the openvpn server grew to about 8MB in
>>> > size, and seems to have stabilized there.
>>>
>>> That's a lot, isn't it?
>>
>> No. The server should run on a far more capable host than the router,
>> which would hardly notice.
>>
>> More important is that I'm not observing unbounded memory growth, which
>> is important for long running processes.
>>
>> The server size is also a function of the number of connected clients.
>> There are only two connected now.
>>
>> The client (after much less abuse than I put the server through last
>> night) weighs in at
>>
>> 12932     1 root     S     4548   7%   0% /usr/sbin/openvpn --syslog openvpn(cu
>>
>> Note that using VSZ, as either of these measurements does, is a bad idea
>> in that it inaccurately accounts for stack size and shared library usage.
>>
>> But as a rough measure, it's not bad, and we currently have over 32MB of
>> ram to spare, even after openvpn is running. dnsmasq, after some usage,
>> will grow larger than it is at present.
>>
>> I'll put the client through some abuse in a bit.
>>
>> As a client, openvpn has the ability to take a list of addresses, and
>> ports, to try an outgoing connection on.
>>
>> As a server, multiple servers can listen also on multiple ports, on
>> multiple machines as well, so it is theoretically scalable to thousands
>> of users.
>>
>> My principal problem (long term) with openvpn, is as a user space daemon
>> it cannot take advantage of hardware acceleration on the client side,
>> where available (of the hardware projected to be in use for cerowrt, the
>> only thing that does hardware crypto is the dreamplug). I would also like
>> to try a heavier crypto algo than blowfish.
>>
>> That said, once I got through the 'generate a cert setup hassle', it's
>> nice to be able to get to port 81 through the vpn, as well as see snmp
>> stuff.
>>
>> _______________________________________________
>> Bismark-devel mailing list
>> Bismark-devel@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/bismark-devel
>
> --
> Walter de Donato, PhD Student
> Dipartimento di Informatica e Sistemistica
> Università degli Studi di Napoli "Federico II"
> Via Claudio 21 -- 80125 Napoli (Italy)
> Phone: +39 081 76 83821 - Fax: +39 081 76 83816
> Email: walter.dedonato@unina.it
> WWW: http://wpage.unina.it/walter.dedonato

-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://the-edge.blogspot.com
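
The client behaviour described in the quoted thread (a list of server addresses and ports to try, certificate-based authentication, and a cipher heavier than Blowfish) can be written as an OpenVPN client configuration. This is an added example, not a configuration posted by anyone in the thread; host names, ports and file paths are placeholders.

```conf
# Added example: OpenVPN client config for a router behind NAT.
# Host names, ports and file paths below are placeholders (assumptions).

client
dev tun
proto udp

# Fallback list: the client tries each remote in turn until one answers.
remote vpn1.example.net 1194
remote vpn1.example.net 443
remote vpn2.example.net 1194

# Keep retrying DNS resolution instead of giving up after one failure.
resolv-retry infinite

# Outgoing connections do not need a fixed local port.
nobind

# Certificate-based authentication, one key pair per device.
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/router.crt
key  /etc/openvpn/router.key

# Accept only a peer whose certificate is marked for server use, so that
# another device's client certificate cannot be used to pose as the server.
remote-cert-tls server

# Data-channel protection.
# Blowfish, the cipher mentioned in the thread, would be:
#   cipher BF-CBC
# Heavier alternative:
cipher AES-256-CBC

# HMAC digest used to authenticate each packet.
auth SHA256

persist-key
persist-tun
keepalive 10 60
verb 3
```

On OpenVPN versions without cipher negotiation, the same `cipher` and `auth` lines must also appear in the server configuration.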
