Development issues regarding the cerowrt test router project
* [Cerowrt-devel] VPN technology in a bufferbloated universe is doomed
@ 2011-12-06 17:37 Dave Taht
  2011-12-06 19:29 ` david
From: Dave Taht @ 2011-12-06 17:37 UTC
  To: cerowrt, cerowrt-devel

Last puppy to shoot today...

I have adequately proven to myself at least, that VPN technologies in
a bufferbloated universe, are doomed.

VPN streams over UDP cannot compete with GSO and TSO offloads without
some form of fair queuing and AQM that works.

Encapsulating TCP over TCP merely compounds the problem.

I wouldn't mind writing a paper demonstrating this fully, but in the
meantime I feel that pursuing vpn technologies as part of cerowrt is a
waste of time.

Additionally, no matter how hard people try, things like ipsec have
mysterious failure modes, and the additional protocols are frequently
blocked by institutions and end user devices.

Things like openvpn tend to work better than ipsec, but as I note
above, fail to compete effectively.

We have helped find and fix multiple problems in encapsulation over
the past year, but until we achieve our primary goals as an
organization - fixing bufferbloat - I strongly feel
that vpns are a doomed technology.





-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
FR Tel: 0638645374
http://www.bufferbloat.net


* Re: [Cerowrt-devel] VPN technology in a bufferbloated universe is doomed
  2011-12-06 17:37 [Cerowrt-devel] VPN technology in a bufferbloated universe is doomed Dave Taht
@ 2011-12-06 19:29 ` david
From: david @ 2011-12-06 19:29 UTC
  To: Dave Taht; +Cc: cerowrt, cerowrt-devel

On Tue, 6 Dec 2011, Dave Taht wrote:

> Last puppy to shoot today...
>
> I have adequately proven to myself at least, that VPN technologies in
> a bufferbloated universe, are doomed.
>
> VPN streams over UDP cannot compete with GSO and TSO offloads without
> some form of fair queuing and AQM that works.
>
> Encapsulating TCP over TCP merely compounds the problem.
>
> I wouldn't mind writing a paper demonstrating this fully, but in the
> meantime I feel that pursuing vpn technologies as part of cerowrt is a
> waste of time.

I saw papers documenting this over a decade ago. They weren't academic
papers, they were writeups from VPN/tunneling tools explaining why
tunneling across SSH wasn't a good idea. I am amazed at how many people
find this a new idea, it needs a lot more publicity.

> Additionally, no matter how hard people try, things like ipsec have
> mysterious failure modes, and the additional protocols are frequently
> blocked by institutions and end user devices.
>
> Things like openvpn tend to work better than ipsec, but as I note
> above, fail to compete effectively.
>
> We have helped find and fix multiple problems in encapsulation over
> the past year, but until we achieve our primary goals as an
> organization - fixing bufferbloat - I strongly feel
> that vpns are a doomed technology.

I think this falls into the same category as IPv6.

Don't concentrate on this right now. Leave it as a supported function in
Cerowrt, because people trying to use these devices may want to use it,
but you can't solve the problems here, so don't try (at least until you
have the basics working).

David Lang
