[pptp-server] Severe performance problems

Gianluca Insolvibile g.insolvibile at cpr.it
Wed Dec 12 11:38:48 CST 2001 

Charlie Brady wrote:
> 
> On Wed, 12 Dec 2001, Gianluca Insolvibile wrote:
> 
> > I have seen the recent thread on the 'speed' option, but I am not
> > using that. In my case, I suspect something strange is happening with
> > TCP flow control over the PPTP channel, but just can't imagine what.
> 
> An interesting theory indeed.
> 
> A google search for "nagle tcp" reveals a number of possibilities,
> including:
> 
> http://www.icase.edu/coral/LinuxTCP.html
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;q235624
Thanks. I'll check them out.


> The key negotiation for MPPE might introduce significant latency, and that
> could affect the TCP transmission and retransmission timers.
> 
How often does the key negotiation happen ? I guess it's something in the order
of minutes, which should not disrupt TCP performance so much. Anyway, I'll give
it a try with netperf (in UDP mode).


> Remember too that PPTP packets must come in off the wire, go through the
> kernel, then into pptpd, then through the kernel and into pppd, then back
> through the kernel and into the application on the server. And vice versa
> on the way back out to the client.
This is true, but IMHO it's not enough to justify this poor performance (1.5
Mbps). Also, CPU load should not be the bottleneck in this case since I have the
same throughput with different combinations of client/server CPUs (see my
original post for the specs).


> All this adds up to quite a lot of processing. Add to that 3DES
> encryption/decryption for each packet.
Does MPPE use 3DES ? I thought it used RC-4 ... to me it's a great difference,
since the reason why I am trying PPTP instead of IPsec (w/ 3DES) is that I hoped
to get better performance (I don't know the details of the two algorithms, but
3DES has 168 bits keys, while for MPPE I can choose between 40 and 128 bits - as
you can guess, in my scenario performance is more important than security ;-).
This leads me to an important question, which I will ask in a separate thread
for the sake of clarity.

Incidentally, when I played with IPsec tunnels (FreeS/WAN and PGPnet) using
3DES, performance was around 16 Mbps (client and server were two P-III 800 Mhz).
That's about ten times the one I'm getting with PPTP, and that's the reason why
I am looking for causes inside TCP/PPTP.


Gianluca

> 
> Charlie Brady                         charlieb at e-smith.com
> Lead Product Developer
> Network Server Solutions Group        http://www.e-smith.com/
> Mitel Networks Corporation            http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

More information about the pptp-server mailing list