Compression tests

OpenVPN has built-in support for LZO compression if compiled properly. All Windows binaries have LZO compression available by default. In this recipe, we will show what is the performance of using LZO compression when transferring both easily compressible data (such as web pages) and non-compressible data (such as photographs or binaries).

Getting ready

We use the following network layout:

Getting ready

Set up the client and server certificates using the Setting up the public and private keys recipe from Chapter 2Client-server IP-only Networks. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.11. The first client was running Fedora 22 Linux and OpenVPN 2.3.11. Keep the configuration file basic-udp-server.conf from the Server-side routing recipe from Chapter 2Client-server IP-only Networks, as well as the client configuration file basic-udp-client.conf. The recipe was repeated with a second client running Windows 7 64bit and OpenVPN 2.3.11. Keep the configuration file basic-udp-server.conf from the Server-side routing recipe from Chapter 2Client-server IP-only Networks, as well as the client configuration file basic-udp-client.ovpn from the Using an ifconfig-pool block .

How to do it...

  1. Append the following line to the basic-udp-server.conf file:
    comp-lzo
    

    Save it as example8-6-server.conf.

  2. Start the server:
    [root@server]# openvpn --config example8-6-server.conf
    
  3. Similarly, for the client, add a line to the basic-udp-client.conf file:
    comp-lzo
    

    Save it as example8-6-client.conf.

  4. Start the client:
    [root@client]# openvpn --config example8-6-client.conf
    
  5. Next, we start iperf on the server:
    [server]$ iperf -s
    
  6. First, we measure the performance when transferring data outside of the tunnel:
    [client]$ iperf -c <openvpn-server-ip>
    

    This results in a throughput of about 50 Mbps over an 802.11n wireless network.

  7. Next, non-compressible data:
    [client]$ dd if=/dev/urandom bs=1024k count=60 of=random
    [client]$ iperf -c 10.200.0.1 -F random
    [  4]  0.0-10.0 sec  35.0 MBytes  29.3 Mbits/sec
    

    In the first step, we create a 60MB file with random data. Then, we measure the iperf performance when transferring this file.

  8. And finally, compressible data (a file filled with zeroes):
    [client]$ dd if=/dev/zeroes bs=1024k count=60 of=zeroes
    [client]$ iperf -c 10.200.0.1 -F zeroes
    [  5]  0.0- 5.9 sec  58.6 MBytes  83.3 Mbits/sec
    

    The performance of the VPN tunnel when transferring compressible data such as text files and web pages is shown.

  9. The same measurement can be made using a Windows PC. Add the following line to the basic-udp-client.ovpn file:
    comp-lzo
    

    Save it as example8-6.ovpn.

  10. Start the client.

The results of the iperf measurement are slightly different:

  • Outside the tunnel: 50 Mbps
  • Non-compressible data: 16 Mbps
  • Compressible data: 22 Mbps

Clearly, the OpenVPN configuration needs to be optimized, but that is outside the scope of this recipe. These results do show that for both Windows and Linux clients, there is a significant performance boost when the data that is sent over the tunnel is easily compressible.

How it works...

When compression is enabled, all packets that are sent over the tunnel are compressed before they are encrypted and transferred to the other side. Compression is done using the LZO library, which is integrated into OpenVPN. This compression is done on-the-fly, which means that the compression ratios achieved are not as good as when compressing the data in advance. When transferring text pages, the performance gain is nevertheless significant.

There's more...

When the following configuration directive is used, adaptive compression is enabled by default:

comp-lzo

When OpenVPN detects that a particular piece of data is not compressible, it sends the data to the remote VPN endpoint without compressing it first. By specifying the following on both ends each packet is always compressed:

comp-lzo yes

Depending on the type of data that is transferred, the performance is slightly better.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.225.56.233