Ask Your Question
0

VPNaas bandwidth is too low

asked 2019-11-30 08:24:27 -0600

mr-han gravatar image

updated 2019-12-10 19:32:23 -0600

This bandwidth is only about 800-900 Mbits/sec , Only 10% of the bandwidth between physical nodes. How can I improve my bandwidth when using a VPNaas ?

Environmental information:

file :  /etc/neutron/neutron_vpnaas.conf
service_provider = VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

file: /etc/neutron/l3_agent.ini
vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver

OpenStack Rocky ovs + vlan + Centos7
network-1      192.168.113.12
network-2      192.168.113.13
compute-1     192.168.113.10
compute-2     192.168.113.15
router-1         192.168.130.41           netns on  network-1  node
router-2         192.168.130.47           netns on  network-2  node
vm1               192.16.11.19              on compute-1
vm2               192.16.12.7                on compute-2

Between two physical network nodes:

 iperf -c 192.168.113.13 -t 600 -P 4     ### 
------------------------------------------------------------
Client connecting to 192.168.113.13, TCP port 5001
TCP window size:  459 KByte (default)
------------------------------------------------------------
[  4] local 192.168.113.12 port 8963 connected with 192.168.113.13 port 5001
[  5] local 192.168.113.12 port 8965 connected with 192.168.113.13 port 5001
[  3] local 192.168.113.12 port 8967 connected with 192.168.113.13 port 5001
[  6] local 192.168.113.12 port 8969 connected with 192.168.113.13 port 5001
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-600.0 sec   171 GBytes  2.44 Gbits/sec
[  3]  0.0-600.0 sec   171 GBytes  2.44 Gbits/sec
[  5]  0.0-600.0 sec   160 GBytes  2.29 Gbits/sec
[  6]  0.0-600.0 sec   160 GBytes  2.29 Gbits/sec
[SUM]  0.0-600.0 sec   661 GBytes  9.47 Gbits/sec

Between two physical compute nodes:

 iperf -c 192.168.113.15 -t 600 -P 4
------------------------------------------------------------
Client connecting to 192.168.113.15, TCP port 5001
TCP window size:  289 KByte (default)
------------------------------------------------------------
[  4] local 192.168.113.10 port 9582 connected with 192.168.113.15 port 5001
[  3] local 192.168.113.10 port 9584 connected with 192.168.113.15 port 5001
[  6] local 192.168.113.10 port 9586 connected with 192.168.113.15 port 5001
[  7] local 192.168.113.10 port 9588 connected with 192.168.113.15 port 5001
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-600.0 sec   142 GBytes  2.03 Gbits/sec 
[  6]  0.0-600.0 sec   155 GBytes  2.21 Gbits/sec
[  3]  0.0-600.0 sec   170 GBytes  2.43 Gbits/sec
[  7]  0.0-600.0 sec   195 GBytes  2.80 Gbits/sec
[SUM]  0.0-600.0 sec   661 GBytes  9.47 Gbits/sec

When I use Vpnaas plugin ( IPsec vpn ) connect two networks:

[root@vm-1 ~]# iperf -c 192.16.12.7 -t 60 -P 4
------------------------------------------------------------
Client connecting to 192.16.12.7, TCP port 5001
TCP window size:  170 KByte (default)
------------------------------------------------------------
[  6] local 192.16.11.19 port 50778 connected with 192.16.12.7 port 5001
[  4] local 192.16.11.19 port 50774 connected with 192.16.12.7 port 5001
[  3] local 192.16.11.19 port 50772 connected with ...
(more)
edit retag flag offensive close merge delete

Comments

How do you choose drivers to improve performance ? LibreSwanDrive or strongswan ?

mr-han gravatar imagemr-han ( 2019-12-01 07:40:33 -0600 )edit

Benchmarking and Performance testing

https://libreswan.org/wiki/Benchmarking_and_Performance_testing
mr-han gravatar imagemr-han ( 2019-12-03 20:52:44 -0600 )edit
add a comment

1 answer

Sort by » oldest newest most voted
0

answered 2019-12-10 01:31:43 -0600

mr-han gravatar image

By optimizing the encryption algorithm and MTU, the performance improved significantly

edit flag offensive delete link more

Comments

What did you change the encryption and MTU to? We are seeing less than 10mb/s

Bgreene-ACS gravatar imageBgreene-ACS ( 2020-02-19 11:10:46 -0600 )edit

phase2alg=aes_gcm-null;modp2048 mtu = 9000

mr-han gravatar imagemr-han ( 2020-04-26 03:34:02 -0600 )edit
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

subscribe to rss feed

Stats

Asked: 2019-11-30 06:59:37 -0600

Seen: 106 times

Last updated: Dec 10 '19

Related questions

Queens VPNaaS fails

VPN-IKEPOLICY-CREATE fails in havana release

Where to find Neutron's VPN service

icehouse - not able to install vpnaas

can't established a tunnel with VPNaas on Devstack, error no IKE config found

VPN Site connection reset state

VPNaaS, FWaaS and LBaaS on Openstack Icehouse

[Openstack][vpn as a service] issue

IPSec Site Connection between two openstack status is down

VPNaaS Liberty error while create IPsec site connections