
Re: [Users] bandwidth limited by distance??

From: Paul Krumviede (pwk_at_acm.org)
Date: Tue Jul 09 2002 - 07:41:06 CEST


--On Tuesday, 09 July, 2002 13:44 +1000 MarshallJ_at_switch.aust.com wrote:

> I have a vpn between FreeS/WAN and a cisco vpn concentrator. The
> FreeS/WAN box is in Australia and the Cisco is in USA. We have 2Mbit
> connection at each end, and I am seeing a 40kbytes/sec transfer rate
> through the vpn. I expected it to be a lot faster than that.
>
> I have a second FreeS/WAN box that's connected to the same cisco
> concentrator, and is on a 1.5Mbit connection however the ping time is
> lower (260ms vs 340 ms) and I am able to transfer 60kbytes/sec.
>
> My question is: Is the ipsec protocol bandwidth limited by round-trip
> time? Both ends were reasonably idle other than the vpn traffic at the
> times of the tests, so the only thing I can think of is the distance.

assuming that you aren't having to establish an SA while the test is
running, then IPsec should be insensitive to latency. however, if
your data path includes a satellite link, and somebody is running
something like TCP ack spoofing to improve TCP throughput on
the link, then encrypting the packet stream prevents the TCP
ack spoofing from working, and one sees lower bandwidths than
one would without the encryption.

a related issue is how you are testing the available bandwidth.
if using something based on TCP, then window size could be
important, particularly given the higher latency. and, of course,
any packet loss would drive TCP throughput down.

assuming the use of TCP to test, tcpdump could be your friend,
but you'd have to look to see if the window is closing, acks
don't seem to be arriving, there are retransmissions, or other
annoying symptoms of network problems.

> My next question is: How can I get this bandwidth to be closer to the
> capacity of the links?

depends on what you are trying to do. assuming that you aren't seeing
problems with packet loss, running multiple TCP streams might suffice,
but also might be completely irrelevant for your situation.

-paul

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
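Paul's reply points at two limits a TCP-based test runs into on a high-latency path: the receive window divided by the round-trip time, and packet loss. The following Python is an added example, not code from the thread or from FreeS/WAN; it takes the two paths from the question (2 Mbit at 340 ms, 1.5 Mbit at 260 ms) and shows the window-limited ceiling, the bandwidth-delay product each link needs, and the Mathis et al. (1997) loss-limited approximation. The window sizes, MSS and loss rates are assumed inputs chosen to illustrate the calculation, not measurements from the thread.

```python
"""Window- and loss-limited TCP throughput over a high-RTT tunnel (added example)."""
import math


def window_limited_throughput(window_bytes, rtt_s):
    """Ceiling in bytes/s when the sender can only keep one window in flight per RTT."""
    return window_bytes / rtt_s


def bandwidth_delay_product(link_bps, rtt_s):
    """Bytes that must be in flight to fill a link of link_bps at the given RTT."""
    return link_bps / 8 * rtt_s


def is_window_limited(window_bytes, link_bps, rtt_s):
    """True when the window is too small to fill the link at this RTT."""
    return window_bytes < bandwidth_delay_product(link_bps, rtt_s)


def mathis_throughput(mss_bytes, rtt_s, loss_rate):
    """Mathis et al. approximation for loss-limited TCP: MSS / (RTT * sqrt(p))."""
    return mss_bytes / (rtt_s * math.sqrt(loss_rate))


# The two paths from the question: (label, link bit/s, RTT in seconds, observed bytes/s).
PATHS = [
    ("AU 2Mbit", 2_000_000, 0.340, 40_000),
    ("AU 1.5Mbit", 1_500_000, 0.260, 60_000),
]

# Assumed window sizes to compare against (not measured in the thread).
WINDOWS = [16_384, 32_768, 65_535]


def report(paths=PATHS, windows=WINDOWS, mss=1400, loss=0.001):
    """Return one dict per path with the bounds computed above (mss and loss are assumed)."""
    rows = []
    for label, link_bps, rtt, observed in paths:
        rows.append({
            "path": label,
            "observed_Bps": observed,
            "bdp_bytes": bandwidth_delay_product(link_bps, rtt),
            "window_ceiling_Bps": {w: window_limited_throughput(w, rtt) for w in windows},
            "window_limited": {w: is_window_limited(w, link_bps, rtt) for w in windows},
            "mathis_Bps": mathis_throughput(mss, rtt, loss),
        })
    return rows


if __name__ == "__main__":
    for row in report():
        print(f"{row['path']}: observed {row['observed_Bps']} B/s, "
              f"link needs {row['bdp_bytes']:.0f} bytes in flight")
        for w, ceiling in row["window_ceiling_Bps"].items():
            flag = "window-limited" if row["window_limited"][w] else "link can be filled"
            print(f"  window {w:6d} -> ceiling {ceiling:9.0f} B/s ({flag})")
        print(f"  loss-limited bound at p=0.001, MSS 1400: {row['mathis_Bps']:.0f} B/s")
```

With a 16 KB window the ceilings come out at roughly 48 KB/s and 63 KB/s for the two RTTs, which is the kind of comparison Paul suggests making before blaming IPsec itself; a tcpdump trace showing the window closing or retransmissions would confirm which limit actually applies.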



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:19 CEST