Re: maximum performance for 100Mbit/s - how to optimize

> Why using a vpn software for just tunneling data? If you don't want/need 
> encryption then you should take a lot at iproute2. With this tool you are 
> able to build tunnels over IP (without using tcp or udp). It uses it's own 
> protocol, just like the esp/ah protocol from ipsec (but has nothing to do 
> with encryption).

iproute2 tunnels don't just lack encryption, they also lack
authentication.  This makes them unsuited for some applications where
encryption is unnecesary.

iproute2 tunnels come in two flavors, neither of which is specific to
iproute2.  I think they were both originated by Cisco; Cisco routers
can run them, and you can run tunnels between iproute2/Linux and
Cisco.  One flavor uses GRE (Generic Route Encapsulation, I think), a
generic tunnel encapsulation protocol.  GRE can encapsulate just about
any protocol; a GRE tunnel can carry IPX, for example, although I
don't know if the iproute2 implementation supports this.  The other is
IP/IP - IP encapsulated in IP.

My experience is that the iproute2 tunneling is significantly less
robust than OpenVPN (or CIPE) tunneling.  Several years ago I set up a
tunnel for a webcam, with the webcam being at a cable-modem site with
occasional bursts of packet errors.  The tunnel would last only a couple
of days for iproute2 tunnels.  That was significantly better than
TCP-based tunnels, which would usually last only a few hours, but a
lot worse than UDP-based tunnels, which never went down.

That said, I currently run 3 iproute2 tunnels that also never go down
while carrying a boatload of traffic.  Their path across part of the
internet is relatively free of packet problems, but these tunnels have
also survived total outages of the internet links at each end.  (Of
course they dont work while the links are down, but they remain
nominally up and begin working again as soon as the underlying path
is re-established.)

--
Dick St.Peters, stpeters@xxxxxxxxxxxxx 


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com