You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cloudstack.apache.org by Gian Paolo Buono <gi...@gesca.it> on 2017/09/25 21:53:42 UTC

[Site-to-Site IPSEC Slow]

Hi all,
I have an IPSEC tunnel established between two sites (VPC CloudStack) vs 
Openswan Debian and both sites get 100Mbps down / 100 Mbps up.
When I send the traffic into the tunnel the max bandwith is 4MB/s, when 
i send the traffic out the tunnel the bandwith is 12MB/s, any idea ?

Regards
Gian Paolo

Re: [Site-to-Site IPSEC Slow]

Posted by Gian Paolo Buono <gi...@gesca.it>.

Hi,
thank you all, I solved changing the encryption from 3des-md5 to aes128-md5

Bye

On 10/02/2017 07:13 PM, Glenn Wagner wrote:

Hi,

Can you check the auth.log file on the VR’s to see if you got any errors, also are you using any private gateways with these VPC’s?

Regards
Glenn



glenn.wagner@shapeblue.com<ma...@shapeblue.com>
www.shapeblue.com<http://www.shapeblue.com>
Winter Suite, 1st Floor, The Avenues, Drama Street, Somerset West, Cape Town  7129South Africa
@shapeblue



From: Andrija Panic [mailto:andrija.panic@gmail.com]
Sent: Monday, 02 October 2017 12:53 PM
To: users@cloudstack.apache.org<ma...@cloudstack.apache.org>
Cc: Glenn Wagner <gl...@shapeblue.com>
Subject: Re: [Site-to-Site IPSEC Slow]

Hi Gian,

can you please try same test with iperf ?

I would check remote side (Openswap Debian), since these are bad numbers, and we never hit similar issue with ACS 4.5 and ACS 4.8 (not yet using 4.9)

FYI, between 2 VPC sites (S-2-S VPN), I was able to get 340 Mbps out of 1Gbps internet connection, so you can't always expect full link performance simply because of IPsec protocol overhead (this is with VRs being resized to 4 x 2GHz CPUs, just for test/fun)...

Best
Andrija




On 26 September 2017 at 15:36, Gian Paolo Buono <gi...@gesca.it>> wrote:
Hi Glenn,

1. ACS version: 4.9.1
2.  Centos 7
3. XenServer 6.5
4. Storage Type: NFS
5. Storage Network 10Gb

the test is with netcat...

thanks


On 09/26/2017 08:23 AM, Glenn Wagner wrote:

Hi,

Can you give us some information about your environment?

1. ACS version: 4.9.2
2. ACS OS version: Ubuntu 14.04 / Ubuntu 16.04, Centos 6/7
2. Hypervisor: Xenserver , KVM ,VMware 5.5/6.0
3. Storage Type , NFS, iscsi , fibre channel
4. Storage Network Speed. 1GB , 10GB

Regards
Glenn


glenn.wagner@shapeblue.com<ma...@shapeblue.com>>
http://mail01.gesca.it:32224/?dmVyPTEuMDAxJiZmNGMwYjFmMDhmODk2OTY3MD01OUQyNzNENl81NjE1XzE5MjgyXzEmJjdiMWU3MjdiMTgxMTFlYT0xMjIzJiZ1cmw9d3d3JTJFc2hhcGVibHVlJTJFY29t<http://www.shapeblue.com><http://www.shapeblue.com><http://www.shapeblue.com><http://www.shapeblue.com>
Winter Suite, 1st Floor, The Avenues, Drama Street, Somerset West, Cape Town  7129South Africa
@shapeblue




-----Original Message-----
From: Gian Paolo Buono [mailto:gianpaolo.buono@gesca.it<ma...@gesca.it>]
Sent: Monday, 25 September 2017 11:54 PM
To: users@cloudstack.apache.org<ma...@cloudstack.apache.org>>
Subject: [Site-to-Site IPSEC Slow]

Hi all,
I have an IPSEC tunnel established between two sites (VPC CloudStack) vs Openswan Debian and both sites get 100Mbps down / 100 Mbps up.
When I send the traffic into the tunnel the max bandwith is 4MB/s, when i send the traffic out the tunnel the bandwith is 12MB/s, any idea ?

Regards
Gian Paolo




--

Andrija Panić

RE: [Site-to-Site IPSEC Slow]

Posted by Glenn Wagner <gl...@shapeblue.com>.

Hi,

Can you check the auth.log file on the VR’s to see if you got any errors, also are you using any private gateways with these VPC’s?

Regards
Glenn



glenn.wagner@shapeblue.com 
www.shapeblue.com
Winter Suite, 1st Floor, The Avenues, Drama Street, Somerset West, Cape Town  7129South Africa
@shapeblue
  
 

From: Andrija Panic [mailto:andrija.panic@gmail.com]
Sent: Monday, 02 October 2017 12:53 PM
To: users@cloudstack.apache.org
Cc: Glenn Wagner <gl...@shapeblue.com>
Subject: Re: [Site-to-Site IPSEC Slow]

Hi Gian,

can you please try same test with iperf ?

I would check remote side (Openswap Debian), since these are bad numbers, and we never hit similar issue with ACS 4.5 and ACS 4.8 (not yet using 4.9)

FYI, between 2 VPC sites (S-2-S VPN), I was able to get 340 Mbps out of 1Gbps internet connection, so you can't always expect full link performance simply because of IPsec protocol overhead (this is with VRs being resized to 4 x 2GHz CPUs, just for test/fun)...

Best
Andrija




On 26 September 2017 at 15:36, Gian Paolo Buono <gi...@gesca.it>> wrote:
Hi Glenn,

1. ACS version: 4.9.1
2.  Centos 7
3. XenServer 6.5
4. Storage Type: NFS
5. Storage Network 10Gb

the test is with netcat...

thanks


On 09/26/2017 08:23 AM, Glenn Wagner wrote:

Hi,

Can you give us some information about your environment?

1. ACS version: 4.9.2
2. ACS OS version: Ubuntu 14.04 / Ubuntu 16.04, Centos 6/7
2. Hypervisor: Xenserver , KVM ,VMware 5.5/6.0
3. Storage Type , NFS, iscsi , fibre channel
4. Storage Network Speed. 1GB , 10GB

Regards
Glenn


glenn.wagner@shapeblue.com<ma...@shapeblue.com>>
www.shapeblue.com<http://www.shapeblue.com><http://www.shapeblue.com>
Winter Suite, 1st Floor, The Avenues, Drama Street, Somerset West, Cape Town  7129South Africa
@shapeblue




-----Original Message-----
From: Gian Paolo Buono [mailto:gianpaolo.buono@gesca.it<ma...@gesca.it>]
Sent: Monday, 25 September 2017 11:54 PM
To: users@cloudstack.apache.org<ma...@cloudstack.apache.org>>
Subject: [Site-to-Site IPSEC Slow]

Hi all,
I have an IPSEC tunnel established between two sites (VPC CloudStack) vs Openswan Debian and both sites get 100Mbps down / 100 Mbps up.
When I send the traffic into the tunnel the max bandwith is 4MB/s, when i send the traffic out the tunnel the bandwith is 12MB/s, any idea ?

Regards
Gian Paolo




--

Andrija Panić

Re: [Site-to-Site IPSEC Slow]

Posted by Andrija Panic <an...@gmail.com>.

Hi Gian,

can you please try same test with iperf ?

I would check remote side (Openswap Debian), since these are bad numbers,
and we never hit similar issue with ACS 4.5 and ACS 4.8 (not yet using 4.9)

FYI, between 2 VPC sites (S-2-S VPN), I was able to get 340 Mbps out of
1Gbps internet connection, so you can't always expect full link performance
simply because of IPsec protocol overhead (this is with VRs being resized
to 4 x 2GHz CPUs, just for test/fun)...

Best
Andrija




On 26 September 2017 at 15:36, Gian Paolo Buono <gi...@gesca.it>
wrote:

> Hi Glenn,
>
> 1. ACS version: 4.9.1
> 2.  Centos 7
> 3. XenServer 6.5
> 4. Storage Type: NFS
> 5. Storage Network 10Gb
>
> the test is with netcat...
>
> thanks
>
>
> On 09/26/2017 08:23 AM, Glenn Wagner wrote:
>
> Hi,
>
> Can you give us some information about your environment?
>
> 1. ACS version: 4.9.2
> 2. ACS OS version: Ubuntu 14.04 / Ubuntu 16.04, Centos 6/7
> 2. Hypervisor: Xenserver , KVM ,VMware 5.5/6.0
> 3. Storage Type , NFS, iscsi , fibre channel
> 4. Storage Network Speed. 1GB , 10GB
>
> Regards
> Glenn
>
>
> glenn.wagner@shapeblue.com<ma...@shapeblue.com>
> www.shapeblue.com<http://www.shapeblue.com>
> Winter Suite, 1st Floor, The Avenues, Drama Street, Somerset West, Cape
> Town  7129South Africa
> @shapeblue
>
>
>
>
> -----Original Message-----
> From: Gian Paolo Buono [mailto:gianpaolo.buono@gesca.it]
> Sent: Monday, 25 September 2017 11:54 PM
> To: users@cloudstack.apache.org<ma...@cloudstack.apache.org>
> Subject: [Site-to-Site IPSEC Slow]
>
> Hi all,
> I have an IPSEC tunnel established between two sites (VPC CloudStack) vs
> Openswan Debian and both sites get 100Mbps down / 100 Mbps up.
> When I send the traffic into the tunnel the max bandwith is 4MB/s, when i
> send the traffic out the tunnel the bandwith is 12MB/s, any idea ?
>
> Regards
> Gian Paolo
>
>
>


-- 

Andrija Panić

Re: [Site-to-Site IPSEC Slow]

Posted by Gian Paolo Buono <gi...@gesca.it>.

Hi Glenn,

1. ACS version: 4.9.1
2.  Centos 7
3. XenServer 6.5
4. Storage Type: NFS
5. Storage Network 10Gb

the test is with netcat...

thanks


On 09/26/2017 08:23 AM, Glenn Wagner wrote:

Hi,

Can you give us some information about your environment?

1. ACS version: 4.9.2
2. ACS OS version: Ubuntu 14.04 / Ubuntu 16.04, Centos 6/7
2. Hypervisor: Xenserver , KVM ,VMware 5.5/6.0
3. Storage Type , NFS, iscsi , fibre channel
4. Storage Network Speed. 1GB , 10GB

Regards
Glenn


glenn.wagner@shapeblue.com<ma...@shapeblue.com>
www.shapeblue.com<http://www.shapeblue.com>
Winter Suite, 1st Floor, The Avenues, Drama Street, Somerset West, Cape Town  7129South Africa
@shapeblue




-----Original Message-----
From: Gian Paolo Buono [mailto:gianpaolo.buono@gesca.it]
Sent: Monday, 25 September 2017 11:54 PM
To: users@cloudstack.apache.org<ma...@cloudstack.apache.org>
Subject: [Site-to-Site IPSEC Slow]

Hi all,
I have an IPSEC tunnel established between two sites (VPC CloudStack) vs Openswan Debian and both sites get 100Mbps down / 100 Mbps up.
When I send the traffic into the tunnel the max bandwith is 4MB/s, when i send the traffic out the tunnel the bandwith is 12MB/s, any idea ?

Regards
Gian Paolo

RE: [Site-to-Site IPSEC Slow]

Posted by Glenn Wagner <gl...@shapeblue.com>.

Hi,

Can you give us some information about your environment?

1. ACS version: 4.9.2 
2. ACS OS version: Ubuntu 14.04 / Ubuntu 16.04, Centos 6/7 
2. Hypervisor: Xenserver , KVM ,VMware 5.5/6.0
3. Storage Type , NFS, iscsi , fibre channel
4. Storage Network Speed. 1GB , 10GB

Regards
Glenn


glenn.wagner@shapeblue.com 
www.shapeblue.com
Winter Suite, 1st Floor, The Avenues, Drama Street, Somerset West, Cape Town  7129South Africa
@shapeblue
  
 


-----Original Message-----
From: Gian Paolo Buono [mailto:gianpaolo.buono@gesca.it] 
Sent: Monday, 25 September 2017 11:54 PM
To: users@cloudstack.apache.org
Subject: [Site-to-Site IPSEC Slow]

Hi all,
I have an IPSEC tunnel established between two sites (VPC CloudStack) vs Openswan Debian and both sites get 100Mbps down / 100 Mbps up.
When I send the traffic into the tunnel the max bandwith is 4MB/s, when i send the traffic out the tunnel the bandwith is 12MB/s, any idea ?

Regards
Gian Paolo