n2n network performance very slow

[dinopio]

I have tried to do some speedtests:

1. from edge1 -> edge2 i only get 100mbit
2. from same servers without n2n i get 1gbit

why is there such a huge loss in performance ? the cpu usage for edge when transferring files is 100% on the core it executes on. (is it an CPU / IO issue?) MTU setting not changed (default to 1400)

I am sure i am not sending packets via the supernode , checked with iftop -i n2n0

[lucaderi]

The TUN/TAP interface can be the cause. Please check without n2n how much you can get with TUN/TAP and let's draw some conclusions

[lucaderi]

You can try tools like simpletun https://backreference.org/2010/03/26/tuntap-interface-tutorial/ to evaluate that even though it uses TCP and not UDP. Please also try to use wireshark to see if everything is ok or you see issues?

[dinopio]

ok will test and report back thank you

[dinopio]

Current test setup with slow speeds.

Edge1 (behind NAT) -d=n2n0 -c=mynetwork -k=passwordremoved -a=10.1.0.10 -p=31338 -l=supernode1:31337 -l=supernode2:31337

Edge2 (behind NAT) -d=n2n0 -c=mynetwork -k=passwordremoved -a=10.1.0.11 -p=31338 -l=supernode1:31337 -l=supernode2:31337

Supernode1 (public ip no NAT) -l=31337

Supernode2 (public ip no NAT) -l=31337

[lucaderi]

[lucaderi]

In essence it seems that the two edge nodes are unable to speak directly but they always go through the supernode

[dinopio]

After testing I think I found why the bandwidth throughput is slow (8MB/s on 1Gbit connection) edge runs on a single core and encrypts the data (not hardware accelerated?)

When starting a second edge on the same machines (which runs on another cpu core) i can pass double the bandwidth concurrently.

If its not a TUNTAP issue can it be a cipher issue? I dont know if twofish is hardware accelerated

[lucaderi]

The problem you reported is that n2n assumes it is used in long distance (Internet). In the case of your setup you are behind a firewall and thus the supernode knows the edge peers with the public IP. We need to add a patch that in case the IP address is the same thet can talk directly. Thing that is not possible (I mean the P2P) because of the NAT

[lucaderi]

As of the CPU hog, in order to have portable code, we do not use hardware acceleration for encryption correct. I need to split this ticket and open a new one for CPU (see #48 ).

[lucaderi]

Using https://github.com/gregnietsky/simpletun reports 800 Mbit, with n2n 64 Mbit

[lucaderi]

See https://github.com/ntop/n2n/commit/3acd7a0e8956a67b348512e6f4c0ceedf64b6a43

[lucaderi]

Can you please omit -k parameter to avoid encryption and report the encryption overhead

[dinopio]

with encryption is the bottom test. huge difference

[emanuele-f]

n2n can now use AES (-A option) which is usually hardware accellerated, it usually provides a 7x boost over the twofish. This is enough for now. The benchmark tool can be used to perform tests.

[mkmark]

Performance issue even more severe here, without any clue. Testing using iperf3, n2n @ 5Mbps, LAN @ 120Mbps. Testing using windows file copy, n2n @ 12Mbps, LAN @200Mbps. Ping < 1 ms between 2 nodes, meaning a direct connection must have been established.

Command on both edge nodes: edge -c [same name] -k [same pwd] -a [different ip] -l [server:port] -A

Platform: LAN access between 2 edge nodes. Both edge nodes are win10 using latest dev branch. (tried 2.4 same result) 60 Mbps access between super node and edge nodes. (but shouldn't be of any problem as analyzed before) Both TAP device showing connection speed at 1.0 Gbps in connection status.

Tried: -A does not have any effect in my situation. -k cannot be omitted otherwise edge won't start. benchmark showing 1665.5, 37.7, 169.7MB/s for null, twofish, AES respectively.

Anything I can do to help fix this problem?

[emanuele-f]

Can you provide the output of the benchmark command?

[mkmark]

Can you provide the output of the benchmark command?

I just tested again

Edge node 1 Run enc[transop_null] for 3s (512 bytes): 42333622 packets 14109.5 Kpps 7224.1 MB/s Run enc[transop_twofish] for 3s (512 bytes): 575548 packets 191.8 Kpps 98.2 MB/s Run enc[transop_aes] for 3s (512 bytes): 690308 packets 230.1 Kpps 117.8 MB/s

Edge node 2 Run enc[transop_null] for 3s (512 bytes): 30017013 packets 10003.2 Kpps 5121.6 MB/s Run enc[transop_twofish] for 3s (512 bytes): 492539 packets 164.2 Kpps 84.1 MB/s Run enc[transop_aes] for 3s (512 bytes): 657049 packets 219.0 Kpps 112.1 MB/s

[emanuele-f]

Can you try to remove the -k option on both the edge nodes to disable encryption and see how it behaves?

[mkmark]

Yeah! I guess last time I forgot to omit -A with -k. Now it works, but the speed doesn't change much... Testing using iperf3, n2n @ 15.1Mbps, LAN @ 118Mbps. Testing using windows file copy, n2n @ 15Mbps, LAN @192Mbps.

[emanuele-f]

So the problem seem to be on the tap device itself. Have you installed the "tap-windows" drivers from OpenVPN as described in https://github.com/ntop/n2n/blob/dev/doc/Windows.md#requirements ?

[mkmark]

I did. Is there anything I need to pay attention to when installing tap device? The property tab of the connection shows that TAP device is working at 1 Gbps. I guess the problem is beyond our reach if it's really caused by tap device, right?

[emanuele-f]

A way to ensure that this is actually linked to the tap device would be to set up another software using that driver (e.g. OpenVPN) and see if the problem still reproduces