openvpn and system overhead

Wojciech Puchar wojtek at puchar.net
Fri Apr 19 16:40:41 UTC 2019


> Using a tun/tap device incurs an additional context switch in each direction, as you’re basically running the program to send data (say, ‘ping’ or ‘ssh’), and another program is used to encrypt and encapsulate the packet before it leaves the machine. The process is roughly the same on the other side. So you get twice the copies, and twice the number of context switches. Making things worse, the “IP stack” inside OpenVPN is single-threaded, and processes one packet at a time, so all the overheads accrue to each packet, rather than being amortized across several packets.

It would be very good for the tun device to have an option (switchable by
ioctl) so that read will receive a bunch of packets up to the read size, and
write can send a bunch of packets.
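
An added example, not part of the original message or of any FreeBSD code: how a userspace consumer could split the buffer returned by such a batched read while bounds-checking every header-declared length. It assumes raw IPv4/IPv6 packets laid back to back with no extra framing (the message does not specify a format); split_batch and struct pkt are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical consumer of a batched tun read: buf holds raw IP packets
 * back to back (assumed framing). Records offset/length of each packet and
 * returns the count, or -1 if the batch is malformed, truncated or too big. */
struct pkt { size_t off, len; };

int split_batch(const uint8_t *buf, size_t n, struct pkt *out, int max)
{
    size_t off = 0;
    int count = 0;
    while (off < n) {
        const uint8_t *p = buf + off;
        size_t left = n - off, len, ihl;
        switch (p[0] >> 4) {
        case 4:                      /* IPv4: total length in bytes 2-3 */
            if (left < 20) return -1;
            ihl = (size_t)(p[0] & 0x0f) * 4;
            len = ((size_t)p[2] << 8) | p[3];
            if (ihl < 20 || len < ihl) return -1;
            break;
        case 6:                      /* IPv6: 40-byte header + payload length */
            if (left < 40) return -1;
            len = 40 + (((size_t)p[4] << 8) | p[5]);
            break;
        default:                     /* not an IP packet: framing is lost */
            return -1;
        }
        /* Never trust a header length that runs past the bytes we were given. */
        if (len > left || count == max) return -1;
        out[count++] = (struct pkt){ off, len };
        off += len;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: a 20-byte IPv4 header-only packet, then a 40-byte IPv6 header. */
    uint8_t buf[60] = {0};
    struct pkt pk[8];
    buf[0] = 0x45; buf[3] = 20;
    buf[20] = 0x60;
    int n = split_batch(buf, sizeof buf, pk, 8);
    for (int i = 0; i < n; i++)
        printf("packet %d: offset %zu, length %zu\n", i, pk[i].off, pk[i].len);
    return n == 2 ? 0 : 1;
}
```

Because one bad length desynchronizes everything after it, the sketch rejects the whole batch rather than guessing where the next packet starts.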


More information about the freebsd-hackers mailing list