[CentOS] OpenVPN throughput
John R Pierce
pierce at hogranch.com
Thu Aug 19 18:42:50 UTC 2010
On 08/19/10 7:29 AM, Boris Epstein wrote:
> We have two old PIII-class machines that are being tested for the role
> of the gateways. We have put new 1 Gbit NIC's in them and they work
> find for everything (data transmission, DHCP, DNS, routing) except the
> VPN. When traffic goes through the VPN the OpenVPN process goes to 99%
> CPU on the server, about 70% CPU on the client and the effective
> transmission rate goes down to about 6 MB/s whereas in non-VPN mode it
> can be as high as 50+ MB/s (the top for the 1 Gbit/s is, obviously,
> 125 MB/s hence with the VPN we are down to about 5% of the capacity).
encryption is CPU intensive. you might get a little better throughput
if you can force Blowfish cypher over whatever else as it is somewhat
lower in CPU overhead, and still considered decently strong, but you
still likely won't get wire speed. heck, you can't get wirespeed doing
a simple http bulk transfer over gigE with a p3.
note going from P3 to early P4, you need to at least double the clock
speed to get about the same performance.. I wouldn't touch a p4 under
2.8Ghz for this. The Core line of CPUs are considerably faster per
clock than the P4's. AMD's athlon64/opterons perform much better than
P4's at the same clock speeds.
More information about the CentOS
mailing list