[Starlink] VPN woes, recommendations?
Adam Thompson
athompson at merlin.mb.ca
Fri Feb 17 12:38:36 EST 2023
I may be able to repeat your benchmarks, if you have something that shows the methodology, tools, parameters, etc. that were used. (The linked document does not have that level of detail.)
-Adam
Adam Thompson
Consultant, Infrastructure Services
[MERLIN]
100 - 135 Innovation Drive
Winnipeg, MB R3T 6A8
(204) 977-6824 or 1-800-430-6404 (MB only)
https://www.merlin.mb.ca<https://www.merlin.mb.ca/>
[cid:image002.png at 01D942C4.5CB417F0]Chat with me on Teams<https://teams.microsoft.com/l/chat/0/0?users=athompson@merlin.mb.ca>
From: Dave Taht <dave.taht at gmail.com>
Sent: February 17, 2023 10:45 AM
To: Adam Thompson <athompson at merlin.mb.ca>
Cc: Daniel C. Eckert <eckertd at gmail.com>; starlink at lists.bufferbloat.net
Subject: Re: [Starlink] VPN woes, recommendations?
On Fri, Feb 17, 2023 at 8:39 AM Adam Thompson via Starlink <starlink at lists.bufferbloat.net<mailto:starlink at lists.bufferbloat.net>> wrote:
Sorry, forgot to answer the first part: yes, absent the tunnel, we get ~200/8 consistently, occasionally bursting higher.
you really should test more deeply, and for longer periods than 15 seconds.
I keep hoping someone with business class service will repeat these 2 year old benchmarks.
https://docs.google.com/document/d/1puRjUVxJ6cCv-rgQ_zn-jWZU9ae0jZbFATLf4PQKblM/edit#heading=h.fwv7fw3aeaz
-Adam
Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: Daniel C. Eckert <eckertd at gmail.com<mailto:eckertd at gmail.com>>
Sent: Friday, February 17, 2023 10:36:24 AM
To: Adam Thompson <athompson at merlin.mb.ca<mailto:athompson at merlin.mb.ca>>
Cc: starlink at lists.bufferbloat.net<mailto:starlink at lists.bufferbloat.net> <starlink at lists.bufferbloat.net<mailto:starlink at lists.bufferbloat.net>>
Subject: Re: [Starlink] VPN woes, recommendations?
Interesting scenario. This reply only addresses a small part of your message: While I see you've done the math and checked the specs for the Aruba devices -- have you already conducted a few non-VPN tests between direct-wire-connected laptops/devices at those two locations to know what "baseline" bandwidth you're starting from when considering the max potential bandwidth for the encrypted traffic? For example, since you're on a business plan, you should have a direct public IP to target with iperf traffic from either end, even if not encrypted.
Dan
On Fri, Feb 17, 2023 at 11:30 AM Adam Thompson via Starlink <starlink at lists.bufferbloat.net<mailto:starlink at lists.bufferbloat.net>> wrote:
Hi, all.
We've been trying to develop a plug-and-play L2 VPN over Starlink, using Aruba Hospitality-series Remote APs like their RAP-505H.
It's not going great, and I'm wondering about several Starlink-specific issues.
First, having multiple devices in serial is generally not a great idea for reliability. Can we realistically plug our remote AP directly into the dish, still? (This is using Starlink Business, FWIW.). I know we lose access to the Starlink app, but we also lose a NATing router and an unwanted wifi AP, so that's probably a net zero. I just don't know what other dangers/problems that topology might cause.
Secondly, we're only able to push about 30Mbps through the (magical Aruba-proprietary GRE+IPsec) tunnel. The bandwidth-delay equations suggest we should be seeing around 100Mbps, not 30. (The Aruba devices are rated for ~2Gbps encrypted at the site end, and ~7Gbps at the head end, so presumably that's not the bottleneck.)
So:
* does anyone have corroborating *or* contradicting evidence of VPN performance over Starlink's particular flavor of Long Fat Pipe, and
* does anyone have any positive (or negative, I guess!) recommendations for cloud-managed VPN devices that can do at least 100M and magically work from behind double-NAT/CGNAT like we see with Starlink? Bonus points if it does L2 tunnels or can run a dynamic routing protocol.
* Other comments or suggestions welcome, too.
Thanks,
-Adam
Get Outlook for Android<https://streaklinks.com/BZdCYXLz80mmcz4jWATVEg7r/https%3A%2F%2Faka.ms%2FAAb9ysg>
_______________________________________________
Starlink mailing list
Starlink at lists.bufferbloat.net<mailto:Starlink at lists.bufferbloat.net>
https://lists.bufferbloat.net/listinfo/starlink
ᐧ
ᐧ
_______________________________________________
Starlink mailing list
Starlink at lists.bufferbloat.net<mailto:Starlink at lists.bufferbloat.net>
https://lists.bufferbloat.net/listinfo/starlink
--
Surveillance Capitalism? Or DIY? Choose: https://blog.cerowrt.org/post/an_upgrade_in_place/
Dave Täht CEO, TekLibre, LLC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/starlink/attachments/20230217/00bd0ea1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 13827 bytes
Desc: image001.png
URL: <https://lists.bufferbloat.net/pipermail/starlink/attachments/20230217/00bd0ea1/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 359 bytes
Desc: image002.png
URL: <https://lists.bufferbloat.net/pipermail/starlink/attachments/20230217/00bd0ea1/attachment-0003.png>
More information about the Starlink
mailing list