[Bloat] testing vpn encapsulation... volunteers?

David Täht dave.taht at gmail.com
Fri Oct 14 03:36:56 EDT 2011


One of my tasks for the past several months has been to verify that the
core Linux networking stack is actually behaving as expected, before
being able to proceed higher on the stack with AQM tests over short
haul, wireless, and LFN conditions, with various amounts of buffering...

Aside from the sack oddity noted earlier this week, the various tcp
algorithms (I've mostly fiddled with cubic and westwood) appear to be
'doing the right thing' - and a brief test of 3.1-rc9 showed sack
behaving in sane way, although I need to more precisely duplicate the
original test to be certain. (There are also some interesting patches
going by eric dumazet from about reducing skb memory requirements, which
also helps with sack processing)

So, I'm moving on into verifying the behavior of encapsulated packets
now (6in4, 6to4, and various forms of VPN).

I've built strongswan, ipsec-tools, and openvpn as optional packages as
part of CeroWrt.

I note that the qos-scripts are not smart enough to handle ipv6 at all,
so I've forked that package in preparation for making it work 'more
right', but as for this weekend's testing I was hoping to get some
strongswan-based VPN users into bloatlab #1 at isc, using
'europa.lab.bufferbloat.net' as the gateway.

Any volunteers for a few minutes of testing?

Getting up and running would be straightforward - if it wasn't for the
fact that strongswan 4.5.0 (as is in ubuntu 11.4) appears to be broken.
I have an easy way to build 4.5.3, as well as supply certs to potential
testers...

There are three other problems I haven't figured out fully -
firewalling, route propagation, and supplying dynamic ip addresses over
the vpn, but basic connectivity seems to work. Strongswan uses up an
absurd amount of virtual memory on this tiny little box, but not all
that much physical, at least on the limited connection testing I've done
thus far.

Using ECN signaling on vpn connections appears to have some promise, too.

Lastly europa is running rc7-smoketest4, which appears to be as stable
as the final rc6 was. I strongly suspect that smoketest5 will be less
stable...

-- 
Dave Täht

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dave_taht.vcf
Type: text/x-vcard
Size: 204 bytes
Desc: not available
URL: <https://lists.bufferbloat.net/pipermail/bloat/attachments/20111014/d26e75b0/attachment-0002.vcf>


More information about the Bloat mailing list