From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-iw0-f171.google.com (mail-iw0-f171.google.com [209.85.214.171]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 281FD201A83 for ; Mon, 30 May 2011 10:56:07 -0700 (PDT) Received: by iwn8 with SMTP id 8so4690595iwn.16 for ; Mon, 30 May 2011 11:12:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=SuGDxjupXrO0hQIHFxXp2gdwNNFQR4uLxcLWTKCoejU=; b=Vp1kNwxkiMLfNOPuZ/BKy0m1lnxtFqH/OfeVJTZkU33SWTVpT13u2u04IMpVEIIn4n vGpah0VUl+PElW+rjRtvyYLJ8IsOcpwQoziagxUP0op0DctfYDlNudkB7c7IYYdpprwe vMXcRcyhP5cNKYpwVTA44msziayUzLUXQlJjY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=YswNVVSzyWm+A2bZ9xqTv+oU3gsx5MmMoM9/lwP04FPXQ6iNAWfsEnKzyJtFTQN0UQ usWSe/3WF2KEu4ypdf4xan0SN7bAOxobFtNltBMEya6wtFe47R8nnEBJUhME+9Y5CBbJ CsFRuo5r4aoQX46EE/fVJNAZDLiVhC5TkUivQ= MIME-Version: 1.0 Received: by 10.231.51.17 with SMTP id b17mr6821612ibg.0.1306779146618; Mon, 30 May 2011 11:12:26 -0700 (PDT) Received: by 10.231.35.140 with HTTP; Mon, 30 May 2011 11:12:26 -0700 (PDT) In-Reply-To: References: Date: Mon, 30 May 2011 12:12:26 -0600 Message-ID: From: Dave Taht To: bismark-devel@lists.bufferbloat.net Content-Type: multipart/alternative; boundary=00151774169cd5865504a4823a57 Subject: Re: [Bismark-devel] initial openvpn results on capetown X-BeenThere: bismark-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: BISMark related software development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 May 2011 17:56:07 -0000 --00151774169cd5865504a4823a57 Content-Type: text/plain; charset=ISO-8859-1 On Mon, May 30, 2011 at 8:52 AM, Srikanth Sundaresan wrote: > > On May 30, 2011, at 6:58 PM, Dave Taht wrote: > > > After running overnight, the openvpn server grew to about 8MB in size, > and seems to have stabilized there. > > That's a lot, isn't it? No. The server should run on a far more capable host than the router, which would hardly notice. More important is that I'm not observing unbounded memory growth, which is important for long running processes. The server size is also a function of the number of connected clients. There are only two connected now. The client (after much less abuse than I put the server through last night) weighs in at 12932 1 root S 4548 7% 0% /usr/sbin/openvpn --syslog openvpn(cu Note that using VSZ as per either of these measurements do is a bad idea in that it inaccurately accounts for stack size and shared library usage. But as a rough measure, it's not bad, and we currently have over 32MB of ram to spare, even after openvpn is running. dnsmasq, after some usage, will grow larger than it is at present. I'll put the client through some abuse in a bit. As a client, openvpn has the ability to take a list of addresses, and ports, to try an outgoing connection on. As a server, multiple servers can listen also on multiple ports, on multiple machines as well, so it is theoretically scalable to thousands of users. My principal problem (long term) with openvpn, is as a user space daemon it cannot take advantage of hardware acceleration on the client side, where available (of the hardware projected to be in use for cerowrt, the only thing that does hardware crypto is the dreamplug). I would also like to try a heavier crypto algo than blowfish. That said, once I got through the 'generate a cert setup hassle', it's nice to be able to get to port 81 through the vpn, as well as see snmp stuff. --00151774169cd5865504a4823a57 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On Mon, May 30, 2011 at 8:52 AM, Srikanth Sundaresan <= srikanth@gatech.edu> wrote:

On May 30, 2011, at 6:58 PM, Dave Taht wrote:

> After running overnight, the openvpn server grew to about 8MB in size,= and seems to have stabilized there.

That's a lot, isn't it?

No. The se= rver should run on a far more capable host than the router, which would har= dly notice.

More important is that I'm not observing unbounded = memory growth, which is important for long running processes.

The server size is also a function of the number of connected clients. = There are only two connected now.

The client (after much less abuse = than I put the server through last night) weighs in at

12932=A0=A0= =A0=A0 1 root=A0=A0=A0=A0 S=A0=A0=A0=A0 4548=A0=A0 7%=A0=A0 0% /usr/sbin/op= envpn --syslog openvpn(cu

Note that using VSZ as per either of these measurements do is a bad=20 idea in that it inaccurately accounts for stack size and shared library=20 usage.

But as a rough measure, it's not bad, and we=20 currently have over 32MB of ram to spare, even after openvpn is=A0=20 running. dnsmasq, after some usage, will grow larger than it is at=20 present.

I'll put the client through some abuse in a bit.

As a client= , openvpn has the ability to take a list of addresses, and ports, to try an= outgoing connection on.=A0

As a server, multiple servers can listen also on multiple ports, on=20 multiple machines as well, so it is theoretically scalable to thousands=20 of users.

My principal problem (long term) with openvpn, is as a user space=20 daemon it cannot take advantage of hardware acceleration on the client=20 side, where available (of the hardware projected to be in use for=20 cerowrt, the only thing that does hardware crypto is the dreamplug). I=20 would also like to try a heavier crypto algo than blowfish.

That said, once I got through the 'generate a cert setup hassle'= ;,=20 it's nice to be able to get to port 81 through the vpn, as well as see= =20 snmp stuff.

--00151774169cd5865504a4823a57--