* [Bloat] testing vpn encapsulation... volunteers?
@ 2011-10-14 7:36 David Täht
0 siblings, 0 replies; only message in thread
From: David Täht @ 2011-10-14 7:36 UTC (permalink / raw)
To: bloat
[-- Attachment #1: Type: text/plain, Size: 2120 bytes --]
One of my tasks for the past several months has been to verify that the
core Linux networking stack is actually behaving as expected, before
being able to proceed higher on the stack with AQM tests over short
haul, wireless, and LFN conditions, with various amounts of buffering...
Aside from the sack oddity noted earlier this week, the various tcp
algorithms (I've mostly fiddled with cubic and westwood) appear to be
'doing the right thing' - and a brief test of 3.1-rc9 showed sack
behaving in sane way, although I need to more precisely duplicate the
original test to be certain. (There are also some interesting patches
going by eric dumazet from about reducing skb memory requirements, which
also helps with sack processing)
So, I'm moving on into verifying the behavior of encapsulated packets
now (6in4, 6to4, and various forms of VPN).
I've built strongswan, ipsec-tools, and openvpn as optional packages as
part of CeroWrt.
I note that the qos-scripts are not smart enough to handle ipv6 at all,
so I've forked that package in preparation for making it work 'more
right', but as for this weekend's testing I was hoping to get some
strongswan-based VPN users into bloatlab #1 at isc, using
'europa.lab.bufferbloat.net' as the gateway.
Any volunteers for a few minutes of testing?
Getting up and running would be straightforward - if it wasn't for the
fact that strongswan 4.5.0 (as is in ubuntu 11.4) appears to be broken.
I have an easy way to build 4.5.3, as well as supply certs to potential
testers...
There are three other problems I haven't figured out fully -
firewalling, route propagation, and supplying dynamic ip addresses over
the vpn, but basic connectivity seems to work. Strongswan uses up an
absurd amount of virtual memory on this tiny little box, but not all
that much physical, at least on the limited connection testing I've done
thus far.
Using ECN signaling on vpn connections appears to have some promise, too.
Lastly europa is running rc7-smoketest4, which appears to be as stable
as the final rc6 was. I strongly suspect that smoketest5 will be less
stable...
--
Dave Täht
[-- Attachment #2: dave_taht.vcf --]
[-- Type: text/x-vcard, Size: 204 bytes --]
begin:vcard
fn;quoted-printable:Dave T=C3=A4ht
n;quoted-printable:T=C3=A4ht;Dave
email;internet:dave.taht@gmail.com
tel;home:1-239-829-5608
tel;cell:0638645374
x-mozilla-html:FALSE
version:2.1
end:vcard
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2011-10-14 7:37 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-10-14 7:36 [Bloat] testing vpn encapsulation... volunteers? David Täht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox