From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from complete.lackof.org (complete.lackof.org [198.49.126.79]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id AFF953B2A4 for ; Wed, 18 Nov 2020 21:49:39 -0500 (EST) Received: from [172.16.1.4] (unknown [71.212.187.245]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by complete.lackof.org (Postfix) with ESMTPSA id A701233E0051; Wed, 18 Nov 2020 19:49:38 -0700 (MST) To: bloat@lists.bufferbloat.net From: Matt Taggart Message-ID: <7331bef1-0780-6ff1-26ab-39026f3fffa8@lackof.org> Date: Wed, 18 Nov 2020 18:49:36 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.3.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamav-milter 0.102.4 at complete.lackof.org X-Virus-Status: Clean X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on complete.lackof.org Subject: [Bloat] configuration on an OpenVPN server X-BeenThere: bloat@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: General list for discussing Bufferbloat List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Nov 2020 02:49:39 -0000 Hi, I would like to configure SQM on an OpenVPN server and I am thinking about how to do this. I have already setup piece_of_cake on the upstream connection(in this case 900Mbit down/250Mbit up). I think that by itself should do a decent job of keeping things fair between all the VPN clients: they are assigned private IPs and triple-isolate should do the right thing. But OpenVPN creates a tun device for that traffic and I could potentially do more to manage the VPN traffic separately from the server host traffic. One thing that occurred to me is that due to asymmetric upload/download the host has, and the fact that the VPN traffic has to go to/from the client, maybe the download rate of the tun device will never exceed the upload rate of the host (since we need to retransmit that data to the clients) and vice versa for the upload? So to force myself to be a bottleneck should I have qdiscs on the tun device limiting to ~240Mbit in each direction? Hopefully that is clear. Let me know if it's not. Also anything else I should consider in this situation? I don't have much control of the VPN client hosts, but I could recommend openvpn settings if there is anything that would help (can you turn on ecn there, etc?) Thanks, -- Matt Taggart matt@lackof.org