[Bismark-devel] initial openvpn results on capetown

Walter de Donato walter.dedonato at unina.it
Mon May 30 13:02:32 PDT 2011


I really like all these analysis on scalability and flexibility.
Anyway, I think we won't need to have many tunnels active at the same time.

The goal of having these tunnels is to be able to occasionally talk to the
devices,
access to their console/web_interface.
Do you have other goals in mind?

Walter

2011/5/30 Dave Taht <dave.taht at gmail.com>

> On Mon, May 30, 2011 at 8:52 AM, Srikanth Sundaresan <srikanth at gatech.edu>wrote:
>
>>
>> On May 30, 2011, at 6:58 PM, Dave Taht wrote:
>>
>> > After running overnight, the openvpn server grew to about 8MB in size,
>> and seems to have stabilized there.
>>
>> That's a lot, isn't it?
>
>
> No. The server should run on a far more capable host than the router, which
> would hardly notice.
>
> More important is that I'm not observing unbounded memory growth, which is
> important for long running processes.
>
> The server size is also a function of the number of connected clients.
> There are only two connected now.
>
> The client (after much less abuse than I put the server through last night)
> weighs in at
>
> 12932     1 root     S     4548   7%   0% /usr/sbin/openvpn --syslog
> openvpn(cu
>
> Note that using VSZ as per either of these measurements do is a bad idea in
> that it inaccurately accounts for stack size and shared library usage.
>
> But as a rough measure, it's not bad, and we currently have over 32MB of
> ram to spare, even after openvpn is  running. dnsmasq, after some usage,
> will grow larger than it is at present.
>
> I'll put the client through some abuse in a bit.
>
> As a client, openvpn has the ability to take a list of addresses, and
> ports, to try an outgoing connection on.
>
> As a server, multiple servers can listen also on multiple ports, on
> multiple machines as well, so it is theoretically scalable to thousands of
> users.
>
> My principal problem (long term) with openvpn, is as a user space daemon it
> cannot take advantage of hardware acceleration on the client side, where
> available (of the hardware projected to be in use for cerowrt, the only
> thing that does hardware crypto is the dreamplug). I would also like to try
> a heavier crypto algo than blowfish.
>
> That said, once I got through the 'generate a cert setup hassle', it's nice
> to be able to get to port 81 through the vpn, as well as see snmp stuff.
>
>
> _______________________________________________
> Bismark-devel mailing list
> Bismark-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/bismark-devel
>
>


-- 
Walter de Donato, PhD Student
Dipartimento di Informatica e Sistemistica
Università  degli Studi di Napoli "Federico II"
Via Claudio 21 -- 80125 Napoli (Italy)
Phone: +39 081 76 83821 - Fax: +39 081 76 83816
Email: walter.dedonato at unina.it
WWW: http://wpage.unina.it/walter.dedonato
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/bismark-devel/attachments/20110530/13fca1bb/attachment.html>


More information about the Bismark-devel mailing list