From: Dave Taht
To: cerowrt@lists.bufferbloat.net, cerowrt-devel@lists.bufferbloat.net
Date: Tue, 6 Dec 2011 18:37:23 +0100
Subject: [Cerowrt-devel] VPN technology in a bufferbloated universe is doomed
List-Id: Development issues regarding the cerowrt test router project

Last puppy to shoot today...

I have adequately proven, to myself at least, that VPN technologies in a bufferbloated universe are doomed.

VPN streams over UDP cannot compete with GSO and TSO offloads without some form of fair queuing and AQM that works. Encapsulating TCP over TCP merely compounds the problem.

I wouldn't mind writing a paper demonstrating this fully, but in the meantime I feel that pursuing vpn technologies as part of cerowrt is a waste of time.

Additionally, no matter how hard people try, things like ipsec have mysterious failure modes, and the additional protocols are frequently blocked by institutions and end user devices. Things like openvpn tend to work better than ipsec, but as I note above, fail to compete effectively.

We have helped find and fix multiple problems in encapsulation over the past year, but until we achieve our primary goals as an organization - fixing bufferbloat - I strongly feel that vpns are a doomed technology.

-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
FR Tel: 0638645374
http://www.bufferbloat.net