What latency should i expect

jadz at toybox.fyremoon.net jadz at toybox.fyremoon.net
Thu Apr 14 01:10:34 CEST 2005


On Mon, 28 Mar 2005, Guus Sliepen wrote:

> The latency you should expect from tinc is the latency of the network
> itself plus the overhead of encryption and authentication in userspace.
> The overhead that imposes depends on how fast the computers are on which
> tinc runs and what the CPU load is on those computers. The overhead from
> tinc I see on i686 computers running at ~200 MHz is 5 ms.
> 
> But there might be other factors influencing latency, although 200 ms on
> a local network does not sound good to me. Could you show me all your
> config files and the output of the ping command?
> 


OK, apologies for the length of this...

 
I changed the VPN so only two of the sites were on line.  The low 
performing ping persisted...

Output is somewhat anonymous


ping directly via the dynamic dns

box1# ping site2.cjb.net
PING site2.cjb.net (8.12.19.7): 56 data bytes
64 bytes from 8.12.19.7: icmp_seq=0 ttl=62 time=2.381 ms
64 bytes from 8.12.19.7: icmp_seq=1 ttl=62 time=3.727 ms
64 bytes from 8.12.19.7: icmp_seq=2 ttl=62 time=2.489 ms
64 bytes from 8.12.19.7: icmp_seq=3 ttl=62 time=2.480 ms
64 bytes from 8.12.19.7: icmp_seq=4 ttl=62 time=3.461 ms
^C
--- site2.cjb.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.381/2.908/3.727/0.568 ms
box1# 

Nice low ping


ping over the VPN

box1# ping site-2-vpn
PING site-2-vpn (10.0.1.1): 56 data bytes
64 bytes from 10.0.1.1: icmp_seq=0 ttl=64 time=197.731 ms
64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=203.417 ms
64 bytes from 10.0.1.1: icmp_seq=2 ttl=64 time=203.556 ms
64 bytes from 10.0.1.1: icmp_seq=3 ttl=64 time=201.513 ms
64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=202.651 ms
^C
--- site-2-vpn ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 197.731/201.774/203.556/2.147 ms
box1# 


Ugly high ping



box1# cat tinc.conf 
Name = 1
PrivateKeyFile = /usr/local/etc/tinc/vpn/rsa_key.priv
TCPOnly = yes
Device = /dev/tap0
AddressFamily = ipv4
ConnectTo = 2
#ConnectTo = 3
#ConnectTo = 4
box1# 

box1# cd hosts
box1# cat 1
Subnet = 10.0.5.0/24
Address = 192.168.0.231
Address = site1.cjb.net
Port = 6666

-----BEGIN RSA PUBLIC KEY-----
<snip>
-----END RSA PUBLIC KEY-----
box1# cat 2
Subnet = 10.0.1.0/24
Address = site2.cjb.net
Address = 192.168.0.15
Port = 6666

-----BEGIN RSA PUBLIC KEY-----
<snip>
-----END RSA PUBLIC KEY-----
box1#



System is FreeBSD 5.3
CPU is a fairly respectable: CPU: AMD Duron(tm) Processor (896.01-MHz 
686-class CPU)
real memory  = 788529152 (752 MB)
avail memory = 761876480 (726 MB)
CPU load averages at the time of testing were : load averages: 0.00, 0.07, 
0.23 pretty quiet.

tinc version 1.0.3 (built Dec 31 2004 09:40:26, protocol 17)





And now at the other end...


box2# ping site1.cjb.net
PING site1.cjb.net (8.1.19.5): 56 data bytes
64 bytes from 8.1.19.5: icmp_seq=0 ttl=127 time=1.933 ms
64 bytes from 8.1.19.5: icmp_seq=1 ttl=127 time=1.983 ms
64 bytes from 8.1.19.5: icmp_seq=2 ttl=127 time=1.933 ms
64 bytes from 8.1.19.5: icmp_seq=3 ttl=127 time=1.980 ms
64 bytes from 8.1.19.5: icmp_seq=4 ttl=127 time=2.979 ms
^C
--- site1.cjb.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.933/2.162/2.979/0.409 ms
box2# 


box2# ping site-1-vpn
PING site-1-vpn (10.0.5.1): 56 data bytes
64 bytes from 10.0.5.1: icmp_seq=0 ttl=64 time=204.427 ms
64 bytes from 10.0.5.1: icmp_seq=1 ttl=64 time=202.173 ms
64 bytes from 10.0.5.1: icmp_seq=2 ttl=64 time=203.155 ms
64 bytes from 10.0.5.1: icmp_seq=3 ttl=64 time=201.098 ms
64 bytes from 10.0.5.1: icmp_seq=4 ttl=64 time=200.193 ms
64 bytes from 10.0.5.1: icmp_seq=5 ttl=64 time=198.081 ms
^C
--- site-1-vpn ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max/stddev = 198.081/201.521/204.427/2.054 ms
box2# 



box2# cat tinc.conf 
Name = 2
PrivateKeyFile = /usr/local/etc/tinc/vpn/rsa_key.priv
TCPOnly = yes
Device = /dev/tap0
AddressFamily = ipv4
ConnectTo = 1
#ConnectTo = 3
#ConnectTo = 4
box2#


box2# cd hosts
box2# cat 2
Subnet = 10.0.1.0/24
Address = 192.168.0.15
Address = site2.cjb.net
Port = 6666

-----BEGIN RSA PUBLIC KEY-----
<snip>
-----END RSA PUBLIC KEY-----
box2# cat 1
Subnet = 10.0.5.0/24
Address = site1.cjb.net
Address = 192.168.0.231
Port = 6666

-----BEGIN RSA PUBLIC KEY-----
<snip>
-----END RSA PUBLIC KEY-----
box2#


System is FreeBSD 5.2
CPU is a fairly respectable: CPU: AMD Athlon(tm) Processor (908.09-MHz 
686-class CPU)
real memory  = 251641856 (239 MB)
avail memory = 238977024 (227 MB)
CPU load averages at the time of testing were : load averages: 0.00, 0.17, 
0.30 pretty quiet.

tinc version 1.0.3 (built Dec 31 2004 09:40:26, protocol 17)




So, I think that is a fairly standard setup, apart from each node having 
two Address entries.  This is for when the two hosts are actually on the 
same local LAN and connecting via the dyndns fails.  It seems to work just 
fine.  Tinc tries to connect in the order the addresses are listed.

Suggestions gratefully received.

Thanks
J



More information about the tinc mailing list