This recipe is a continuation of the previous recipe, but here we will focus on the performance difference between tunneling Pv4 traffic and IPv6 traffic. In this recipe, we will run iperf
over the VPN tunnel using IPv4 addresses and IPv6 addresses inside the tunnel, after which the differences in performance will be explained.
We use the following network layout:
Set up the client and server certificates using the Setting up the public and private keys recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.11. The client was running Fedora 22 Linux and OpenVPN 2.3.11. Keep the configuration file example-2-4-server.conf
from the Adding IPv6 support recipe from Chapter 2, Client-server IP-only Networks, as well as the client configuration file basic-udp-client.conf
.
[root@server]# openvpn --config example-2-4-server.conf
[root@client]# openvpn --config basic-udp-client.conf ... ... Initialization Sequence Completed
iperf
on the server: [server]$ iperf -s
[client]$ iperf -l 1M -n 8M -c 10.200.0.1 [ 3] 0.0-17.0 sec 8 MBytes 3.95 Mbits/sec
[client]$ iperf -l 1M -n 8M -c 2001:db8:100::1 [ 3] 0.0-17.7 sec 8 MBytes 3.78 Mbits/sec
This shows a performance difference of roughly 5%. This difference is measured consistently over all types of networks.
An IPv6 address is longer than an IPv4 address. The source and destination addresses for all packets are stored inside the encrypted packets that go over the OpenVPN tunnel. Thus, the larger the addressing scheme used, the less bytes are left for the actual "payload". An IPv6 packet can actually carry 20 bytes less "payload" than an IPv4 packet. These 20 bytes account for the 5% performance difference. There is very little that can be done about this.
Tuning network performance depends heavily on the network characteristics, as well as the tuning tools used, as is outlined in more detail here.
Both the client and the server iperf
processes report the network throughput after an iperf -c
session has ended. Practice shows that the numbers reported by the server used in this recipe were more accurate than the numbers reported by the client. Also, more accurate results are achieved by running iperf
with a fixed data size instead of the default fixed time interval of 10 seconds. We specify a fixed block size (1 Megabyte) and a fixed total size (8 Megabyte) using iperf -l 1M -n 8M -c <IP-address>
.
This increases accuracy and improves the consistency of the numbers reported on the client and server side.
3.144.117.167