From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wi0-f181.google.com (mail-wi0-f181.google.com [209.85.212.181]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 83E83202213 for ; Wed, 18 Apr 2012 23:33:01 -0700 (PDT) Received: by wibhr17 with SMTP id hr17so1238292wib.10 for ; Wed, 18 Apr 2012 23:32:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=bs9uBk2tNGUgsBZEZ4IV0R2yn6RWLPVEoUeFUhJXU0s=; b=Gr+wSfe2rxpBZgfYfTGB3bChT/hruJqtr4QR6X0eVpmHVxBOXXP56EyfkMJ5+/Va4p Uxn0Rv0rhSw1eOEBwKuFWDUw4PVf/qA4CrJftOv+oX+7b5x661eo+HOmLUNXuQLaVeCC 8FEGnO+bNKXL1zd3zfPCNhQ/4k/hk+QjmY7fz/SNVGkqSVirf9FhsYQf4OYQP5jhJWuN 2r30OGNs8VjuLlr67UioZkc4iCoNa385RRpOEvnRKjZq2WRmo6WFxu6NbxWo9FiWMZSo brFjDo/Bcyk2DSHyEPrvZZQUGgmBFFCp/abzpQWgfsay5RI7+CyOU2iFhwShulnaL4pY OKjQ== MIME-Version: 1.0 Received: by 10.180.82.132 with SMTP id i4mr23333117wiy.12.1334817178219; Wed, 18 Apr 2012 23:32:58 -0700 (PDT) Received: by 10.223.122.132 with HTTP; Wed, 18 Apr 2012 23:32:58 -0700 (PDT) Date: Wed, 18 Apr 2012 23:32:58 -0700 Message-ID: From: Dave Taht To: cerowrt-devel@lists.bufferbloat.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: [Cerowrt-devel] 7000 traps a second (and dropping). Ipsec, anyone? X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Apr 2012 06:33:02 -0000 http://huchra.bufferbloat.net/~cero1/3.3/3.3.2-6/ is out. After a truly epic bug hunt... http://www.bufferbloat.net/issues/360#note-79 ipv6 and ipv4 are performing comparably. (the major differences are due to the firewall rules) It looks like we tacked on another 20-30Mbit of peak performance for ipv4 as well (I see it peak at 290Mbit now with no firewall rules, no aqm) which is currently bounded by the last remaining traps in the aqm code, which we haven't found yet. I have high hopes we will find the rest over the next week. If there are any favors I can ask of the list, if there is anyone out there that can run openvpn and/or strongswan on this release? OR: I would like to be able to connect an openvpn and/or ipsec client 50-200ms away to make sure the aqm stuff doesn't mess with that too much, too. (or vice versa) as we A) fixed up that code and B) expect ipsec at the very least, to be much faster. C) Or, crash. I spent a little time fiddling with how to create a 4in6 tunnel unencrypted and didn't get anywhere. This is not quite good enough to make it someplace with 4in6 opkg update opkg install kmod-ip6-tunnel #!/bin/sh DEST=3D2001:X.Y.Z LOCAL=3D`ip -o addr show dev ge00 | grep 2001 | awk '{print $4}' | cut -f1 = -d/` #PREFIX=3D ip -6 tunnel add ip6tnl1 mode ip4ip6 remote ${DEST} local ${LOCAL} ip link set dev ip6tnl1 up ip -6 route add dev ip6tnl1 metric 4 ip addr add 192.168.66.5/24 dev ip6tnl1 --=20 Dave T=E4ht SKYPE: davetaht US Tel: 1-239-829-5608 http://www.bufferbloat.net