a few days ago, after 19 weeks of waiting, i finally received my raspberry pi.
raspbian feels incredibly familiar, after all it’s just debian. i’ve spent one evening trying the graphical part – checking different websites under midori [verdict: not really a desktop browsing experience, but good enough to connect it to a 40″ flat screen and render some dashboards]; xbmc media player did not work for me [yet], but omxplayer did.
the next step – checking what use i can make of it in the networking world. one potential use case is router-on-a-stick and openvpn endpoint.
i have connected the raspberry [raspberrypi] and some old pc running linux [pqd] to the same lan and ran an unscientific test using wget. i got:
2012-12-22 11:27:51 (11.2 MB/s) - `/dev/null' saved [94682416/94682416]
89Mbit/s for bulk traffic without encryption, that’s an order of magnitude more than i would transfer via it [having in mind a typical office router attached to an ADSL line].
a test of available bidirectional traffic with iperf gave me ~89Mbit/s down and ~30Mbit/s up.
i have configured openvpn to use the simplest/least secure option, a preshared key, and ran the same test via the encrypted tunnel with the following configs:
pqd:~# cat /etc/openvpn/server.conf
dev tun3
ifconfig 10.8.0.1 10.8.0.2
secret static.key # key was generated by running openvpn --genkey --secret static.key
port 2011
proto udp

root@raspberrypi:/home/pi# cat /etc/openvpn/client.conf
dev tun3
ifconfig 10.8.0.2 10.8.0.1
secret static.key
port 2011
proto udp
remote 10.0.0.1
downloading the same file but via the vpn:
2012-12-22 11:39:45 (1.57 MB/s) - `/dev/null' saved [94682416/94682416]
12.5Mbit/s this time for bulk traffic via openvpn. let’s see what happens if we disable encryption and packet authentication by commenting out the secret line and adding:
cipher none
auth none
this time i got 24Mbit/s. so the price of the additional round-trip kernel->userland[openvpn]->kernel is quite high – 89-24=65Mbit/s of performance lost; encrypting the data gives an additional hit of 11Mbit/s.
how about latency? pinging directly via ethernet gives me response times of ~0.5ms; via encrypted openvpn: 1.5ms; via unencrypted openvpn: ~1.2ms.
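since the benchmark configs above switch protection off, here is a small check (an added example, not from the original post) that flags those settings in an openvpn config before it gets reused outside a test lan. the function name audit_ovpn and the sample config are made up for illustration.

```shell
#!/bin/sh
# audit_ovpn: read an openvpn config on stdin (or from file arguments) and
# print one finding per weak setting; prints nothing if none are found.
# hypothetical helper, not part of openvpn.
audit_ovpn() {
    awk '
        { sub("[#;].*", "") }      # drop whole-line and trailing comments
        NF == 0 { next }           # skip lines that are now empty
        $1 == "cipher" && $2 == "none" { print "cipher none: payload travels in cleartext" }
        $1 == "auth"   && $2 == "none" { print "auth none: packets are not authenticated" }
        $1 == "secret" { secret = 1 }
        $1 == "client" || $1 == "tls-client" || $1 == "tls-server" { tls = 1 }
        END {
            if (secret && !tls)  print "secret: static-key mode, one long-lived shared key"
            if (!secret && !tls) print "no key: neither secret nor tls mode is configured"
        }
    ' "$@"
}

# constructed sample: client.conf from the post after the benchmark change
# (secret commented out, cipher and auth set to none)
benchmark_conf='dev tun3
ifconfig 10.8.0.2 10.8.0.1
# secret static.key
cipher none
auth none
port 2011
proto udp
remote 10.0.0.1'

printf '%s\n' "$benchmark_conf" | audit_ovpn
```

on a real box it can be pointed at the files directly, e.g. audit_ovpn /etc/openvpn/client.conf.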
while playing with different configurations i’ve found the ‘Optimizing performance on gigabit networks’ article, which goes into much more detail.
i’ve also tested tagged vlans. it ‘just worked’ – no surprises here.