  1. #1
    Untanglit
    Join Date
    Sep 2016
    Posts
    25

    Speed limitation?

    I am using Untangle at 2 sites.
    1 site has 500Mbps internet connection, the other has 1Gbps.

    Clients connected behind each Untangle at both sites can pretty much max out the connection.
    Speed tests show close to the advertised rate, as do downloads.

    The 500Mbps site has an OpenVPN server set up.

    The 1Gbps site has TunnelVPN set up to connect to the server.

    If I configure a rule to route all traffic over the tunnel, the max speed I can get seems to be about 60Mbps.

    I wonder is there some kind of limitation in either the openVPN server application or the Tunnel VPN client that would limit the speed?

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,178

    There is no speed limitation other than the bandwidth and the underlying hardware. I do see differences in VPN speed by ISP.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untanglit
    Join Date
    Sep 2016
    Posts
    25

    Any ideas what I could look into then?

    Like I said local clients connected behind either appliance get near enough full bandwidth.

    As soon as I tunnel all the traffic it drops to no higher than 60-70 Mbps.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,774

    It takes a bucket of CPU to encrypt traffic that fast, on both ends. What are the CPUs in those two Untangle servers? I'd say if it's a Celeron, or an Atom... that's the problem.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untanglit
    Join Date
    Sep 2016
    Posts
    25

    Sorry for the late response. Both are VMs, with the following spec:
    On the 500Mbps end it's a Xeon E5-2640v2 @ 2GHz - 4 Cores / 6GB RAM
    On the 1Gbps end it's a Xeon E5-2690 @ 2.9GHz - 4 Cores / 6GB RAM

    So fairly well specced. CPU load on both is very low. Memory sits at about 40% most of the time.

    The server side does have lots of apps installed, but not sure if they come into play?

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,774

    Virtual Untangles only make this process harder. That CPU doesn't belong to Untangle; it has to schedule time on the host to get the CPU later. That delay creates bandwidth problems.

    You have to reserve resources for Untangle for it to do its job. And that assumes the load issue is a CPU issue, it can be a NIC issue too. And with a hypervisor in the way, it's that much harder to troubleshoot.

    There's a wildcard here too, and that is the ISPs involved. It's quite possible you're being throttled upstream too.

  7. #7
    Master Untangler
    Join Date
    May 2008
    Posts
    972

    What hypervisor?

  8. #8
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,178

    Originally posted by donhwyo:
    "What hypervisor?"
    He means virtualized.

  9. #9
    Untanglit
    Join Date
    Sep 2016
    Posts
    25

    I don't think it's a CPU issue, as nothing in the logs seems to ever show the CPU use spike. Or even really go very high.
    I have watched both appliances' CPU while testing the tunnel.

    I also don't think it's the ISP. Clients behind the UTs at either side can pretty much max out the BW while traffic is leaving local.

    It's only when I send internet traffic from 1 site over to the other that the BW seems to top out at 60Mbps~

    Otherwise, clients on the 1Gbps site hit 960Mbps easily. On the 500Mbps site 450Mbps is easily achieved.
    That's both on speed tests and test downloads from various places.

    The same is true if I do a file copy from site 1 to site 2 over the tunnel. Tops out at about 6MB/s (58MBps~)

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,774

    Oh my sir, I remember when I was that naive... Life is so much simpler when you think you can believe what you see. And I'm not being condescending here, this is pure nostalgia.

    Now for the ugly part... CPU monitors on virtual machines are flighty at best. They simply produce inaccurate information. All they reliably report is delays in scheduling, which while an indicator of CPU load aren't actually CPU load itself. So when you're dealing with CPU loads associated with hardware, such as NIC interactions with the system, it's simply not reported. The impacts are felt, but not measured. The CPU loads you see are from user land applications. Sadly, a virtual device driver, connected to the hypervisor's hardware abstraction, then to a physical device driver and finally to a device, ALL bypass the CPU measurements.

    Also, just because the Internet connection affords other types of traffic higher velocities, doesn't mean the ISP isn't actively acting against the OpenVPN traffic itself. They could even be limiting traffic between the two endpoints, in the very specific circumstance that OpenVPN is used.

    Your only real option is to change VPN technologies, and see if there's a change in performance. You could also test your OpenVPN performance against another VPN terminator to see if the results are similar.

    So the only test, I'm afraid, is to try to set up Untangle bare metal, and put it over the same links. If you see a speed increase, you know you've got a performance issue with the hypervisors. If you don't see a speed increase, especially if you see the exact same speed, that's as close to a smoking gun as you're ever going to get that says something on the Internet between the two endpoints is slowing you down. And it's this reality that's honestly far more likely.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
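
As an added example (not part of any post in this thread): on a Linux-based guest, the per-core counters in /proc/stat include a steal column (time the hypervisor ran something else while this vCPU was runnable) and a softirq column (which includes network packet processing), so comparing two snapshots taken around a tunnel test shows whether one core is busy while the averaged figure stays low. The snapshot values below are constructed, and that the appliance exposes /proc/stat is an assumption.

```python
# Added example: per-core CPU breakdown between two /proc/stat snapshots.
# Column order per proc(5): user nice system idle iowait irq softirq steal
FIELDS = ("user", "nice", "system", "idle", "iowait", "irq", "softirq", "steal")

# Constructed sample data (not measurements from the thread): 4 vCPUs,
# sampled before and after a 10 s transfer through the tunnel (100 ticks/s).
BEFORE = """\
cpu  40000 0 12000 3900000 800 0 3000 1500
cpu0 10000 0 3000 975000 200 0 2400 900
cpu1 10000 0 3000 975000 200 0 200 200
cpu2 10000 0 3000 975000 200 0 200 200
cpu3 10000 0 3000 975000 200 0 200 200
"""
AFTER = """\
cpu  40360 0 12180 3902995 800 0 3315 1650
cpu0 10300 0 3150 975100 200 0 2700 1050
cpu1 10020 0 3010 975965 200 0 205 200
cpu2 10020 0 3010 975965 200 0 205 200
cpu3 10020 0 3010 975965 200 0 205 200
"""

def parse(text):
    """Return {cpu_name: {field: ticks}} for the per-core lines only."""
    cores = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0].startswith("cpu") and parts[0] != "cpu":
            cores[parts[0]] = dict(zip(FIELDS, map(int, parts[1:9])))
    return cores

def breakdown(before, after):
    """Percent of each core's interval spent in each state."""
    a, b = parse(before), parse(after)
    out = {}
    for cpu in a:
        delta = {f: b[cpu][f] - a[cpu][f] for f in FIELDS}
        total = sum(delta.values()) or 1
        out[cpu] = {f: round(100 * delta[f] / total, 1) for f in FIELDS}
    return out

def summarize(pct):
    """Compare the averaged busy % with the busiest single core."""
    busy = {c: round(100 - p["idle"] - p["iowait"], 1) for c, p in pct.items()}
    worst = max(busy, key=busy.get)
    return {"average_busy": round(sum(busy.values()) / len(busy), 1),
            "busiest_core": worst, "busiest_busy": busy[worst],
            "steal": pct[worst]["steal"], "softirq": pct[worst]["softirq"]}

if __name__ == "__main__":
    print(summarize(breakdown(BEFORE, AFTER)))
```

On a live system the two snapshots would be read from /proc/stat at the start and end of the transfer instead of the embedded strings.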
