I really like all these analysis on scalability and flexibility.<div>Anyway, I think we won't need to have many tunnels active at the same time.</div><div><br></div><div>The goal of having these tunnels is to be able to occasionally talk to the devices,</div>
<div>access to their console/web_interface.</div><div>Do you have other goals in mind?</div><div><br></div><div>Walter<br><div><div><br><div class="gmail_quote">2011/5/30 Dave Taht <span dir="ltr"><<a href="mailto:dave.taht@gmail.com">dave.taht@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div>On Mon, May 30, 2011 at 8:52 AM, Srikanth Sundaresan <span dir="ltr"><<a href="mailto:srikanth@gatech.edu" target="_blank">srikanth@gatech.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex"><div class="im">
<div><br>
On May 30, 2011, at 6:58 PM, Dave Taht wrote:<br>
<br>
> After running overnight, the openvpn server grew to about 8MB in size, and seems to have stabilized there.<br>
<br>
</div></div>That's a lot, isn't it?</blockquote></div><div><br>No. The server should run on a far more capable host than the router, which would hardly notice. <br><br>More important is that I'm not observing unbounded memory growth, which is important for long running processes.<br>
<br>The server size is also a function of the number of connected clients. There are only two connected now.<br><br>The client (after much less abuse than I put the server through last night) weighs in at <br><br>12932 1 root S 4548 7% 0% /usr/sbin/openvpn --syslog openvpn(cu<br>
<br>Note that using VSZ as per either of these measurements do is a bad
idea in that it inaccurately accounts for stack size and shared library
usage.<br></div><br>But as a rough measure, it's not bad, and we
currently have over 32MB of ram to spare, even after openvpn is
running. dnsmasq, after some usage, will grow larger than it is at
present.<br clear="all">
<br>I'll put the client through some abuse in a bit.<br><br>As a client, openvpn has the ability to take a list of addresses, and ports, to try an outgoing connection on. <br><br>As
a server, multiple servers can listen also on multiple ports, on
multiple machines as well, so it is theoretically scalable to thousands
of users.<br>
<br>My principal problem (long term) with openvpn, is as a user space
daemon it cannot take advantage of hardware acceleration on the client
side, where available (of the hardware projected to be in use for
cerowrt, the only thing that does hardware crypto is the dreamplug). I
would also like to try a heavier crypto algo than blowfish. <br>
<br>That said, once I got through the 'generate a cert setup hassle',
it's nice to be able to get to port 81 through the vpn, as well as see
snmp stuff.<br><br>
<br>_______________________________________________<br>
Bismark-devel mailing list<br>
<a href="mailto:Bismark-devel@lists.bufferbloat.net">Bismark-devel@lists.bufferbloat.net</a><br>
<a href="https://lists.bufferbloat.net/listinfo/bismark-devel" target="_blank">https://lists.bufferbloat.net/listinfo/bismark-devel</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Walter de Donato, PhD Student<br>Dipartimento di Informatica e Sistemistica<br>Universitą degli Studi di Napoli "Federico II"<br>Via Claudio 21 -- 80125 Napoli (Italy)<br>
Phone: +39 081 76 83821 - Fax: +39 081 76 83816<br>Email: <a href="mailto:walter.dedonato@unina.it" target="_blank">walter.dedonato@unina.it</a><br>WWW: <a href="http://wpage.unina.it/walter.dedonato" target="_blank">http://wpage.unina.it/walter.dedonato</a><br>
<br>
</div></div></div>