Inquiry of performance bottleneck

Nikos Mavrogiannopoulos n.mavrogiannopoulos at
Sat Jan 9 12:11:37 PST 2016

On Sat, 2016-01-09 at 19:45 +0800, Yick Xie wrote:
> Hi everybody,
> I have several questions about the speed of our ocserv, looking for
> some interpretation.
> As I monitored before, the ocserv can reach up to 300-500KB/s for each
> connection when the network got a little congested, though the speed
> could multiply several times nearly to 3MB/s even more perhaps when I
> visited the, and etc.. These websites just
> utilize multiple connections via 8080 port. It's the same (linear addition)
> when I just multi-requested a url download using chrome at one moment.
> No matter how I tested, the ping response to the VPN gateway never
> glitched (avg 50ms, StDev 5ms, loss rate 1%). The CPU load was only 5%
> at most, and still with about 100M remaining memory.

Well if you have not much CPU load I think you should investigate
further. It is best to compare direct routing (no VPN) vs routing via
VPN, so that you have an idea what's the maximum limit of your line.
Overall I'd expect the encryption to be the bottleneck in addition to
context switching, and both take CPU time.

I'd start by using nuttcp for measurements.

> In a word, I am not sure where the bottleneck lies. I saw some
> analysis about the bottleneck of virtual adapters, does it mean the
> ocserv also got a performance loss due to syscall? Or is there any
> tool I can use to detect?

Yes, but that would be visible in the load of your server. What I can
speculate from the information you have is that the bandwidth is
somehow limited (either from your provider, or from ocserv itself (see

