From: Walter de Donato
To: Dave Taht
Cc: bismark-devel@lists.bufferbloat.net
Subject: Re: [Bismark-devel] initial openvpn results on capetown
Date: Mon, 30 May 2011 22:02:32 +0200

I really like all these analyses on scalability and flexibility.
Anyway, I think we won't need to have many tunnels active at the same time.

The goal of having these tunnels is to be able to occasionally talk to the devices,
and access their console/web_interface.
Do you have other goals in mind?

Walter

2011/5/30 Dave Taht

> On Mon, May 30, 2011 at 8:52 AM, Srikanth Sundaresan wrote:
>
>> On May 30, 2011, at 6:58 PM, Dave Taht wrote:
>>
>> > After running overnight, the openvpn server grew to about 8MB in size,
>> > and seems to have stabilized there.
>>
>> That's a lot, isn't it?
>
> No. The server should run on a far more capable host than the router, which
> would hardly notice.
>
> More important is that I'm not observing unbounded memory growth, which is
> important for long running processes.
>
> The server size is also a function of the number of connected clients.
> There are only two connected now.
>
> The client (after much less abuse than I put the server through last night)
> weighs in at
>
> 12932     1 root     S     4548   7%   0% /usr/sbin/openvpn --syslog openvpn(cu
>
> Note that using VSZ, as either of these measurements does, is a bad idea in
> that it inaccurately accounts for stack size and shared library usage.
>
> But as a rough measure, it's not bad, and we currently have over 32MB of
> ram to spare, even after openvpn is running. dnsmasq, after some usage,
> will grow larger than it is at present.
>
> I'll put the client through some abuse in a bit.
>
> As a client, openvpn has the ability to take a list of addresses, and
> ports, to try an outgoing connection on.
>
> As a server, multiple servers can listen also on multiple ports, on
> multiple machines as well, so it is theoretically scalable to thousands of
> users.
>
> My principal problem (long term) with openvpn is that, as a user space daemon, it
> cannot take advantage of hardware acceleration on the client side, where
> available (of the hardware projected to be in use for cerowrt, the only
> thing that does hardware crypto is the dreamplug). I would also like to try
> a heavier crypto algo than blowfish.
>
> That said, once I got through the 'generate a cert setup hassle', it's nice
> to be able to get to port 81 through the vpn, as well as see snmp stuff.
>
> _______________________________________________
> Bismark-devel mailing list
> Bismark-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/bismark-devel

--
Walter de Donato, PhD Student
Dipartimento di Informatica e Sistemistica
Università degli Studi di Napoli "Federico II"
Via Claudio 21 -- 80125 Napoli (Italy)
Phone: +39 081 76 83821 - Fax: +39 081 76 83816
Email: walter.dedonato@unina.it
WWW: http://wpage.unina.it/walter.dedonato