From: Dave Taht <dave.taht@gmail.com>
To: cerowrt@lists.bufferbloat.net, cerowrt-devel@lists.bufferbloat.net
Subject: [Cerowrt-devel] VPN technology in a bufferbloated universe is doomed
Date: Tue, 6 Dec 2011 18:37:23 +0100 [thread overview]
Message-ID: <CAA93jw4rVde1zfK5zxEvU-yc_6WQ3z2efkqwScc1rXSxAPydgA@mail.gmail.com> (raw)
Last puppy to shoot today...
I have adaquately proven to myself at least, that VPN technologies in
a bufferbloated universe, are doomed.
VPN streams over UDP cannot compete with GSO and TSO offloads without
some form of fair queuing and AQM that works.
Encapsulating TCP over TCP merely compounds the problem.
I wouldn't mind writing a paper demonstrating this fully, but in the
meantime I feel that pursuing vpn technologies as part of cerowrt is a
waste of time.
Additionally, no matter how hard people try, things like ipsec have
mysterious failure modes, and the additional protocols are frequently
blocked by institutions and end user devices.
Things like openvpn tend to work better than ipsec, but as I note
above, fail to compete effectively.
We have helped find and fix multiple problems in encapsulation over
the past year, but until we achieve our primary goals as an
organization - fixing bufferbloat - I strongly feel
that vpns are a doomed technology.
--
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
FR Tel: 0638645374
http://www.bufferbloat.net
next reply other threads:[~2011-12-06 17:37 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-06 17:37 Dave Taht [this message]
2011-12-06 19:29 ` david
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAA93jw4rVde1zfK5zxEvU-yc_6WQ3z2efkqwScc1rXSxAPydgA@mail.gmail.com \
--to=dave.taht@gmail.com \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=cerowrt@lists.bufferbloat.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox