High concurrent http requests through VPN tunnel problem

[uangdoudou]

Hi all
I have a problem about high concurrent http requests through VPN tunnel.
----------------------------------------------------------------------------------------------------------------------------------------------
environment :
two machines : one acts as a http client, the other on acts as a http server
OS : CentOS 7 on both machines
result of uname -a : Linux hostname 3.10.0-123.9.3.el7.x86_64 #1 SMP Thu Nov 6 15:06:03 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
SoftEther version : 4.20
----------------------------------------------------------------------------------------------------------------------------------------------
How I configure SoftEther :

I configured a virtual Hub on the server machine, and also a vpnclient logging on itself (that is logon to 127.0.0.1) with a vpn IP 192.168.30.2. And the server machine has a physical IP 10.10.10.2.

on the client machine, I configured a vpnclient logging on to the hub on server machine with a VPN IP 192.168.30.1 on the client machine. And the physical IP of client machine is 10.10.10.1.

So, both of my two machines have a VPN IP and a physical IP as figured below
_____________ _____________
| 10.10.10.1 | --------------physical link-----------------------| 10.10.10.2 |
| | | |
| client machine | | server machine |
| | | |
| 192.168.30.1 | ----------------VPN tuunel----------------------| 192.168.30.2 |
----------------------- -----------------------
----------------------------------------------------------------------------------------------------------------------------------------------
The test I did and my question :

I am doing a high concurrent http request test between the two nodes. The http server is on the server machine named 10.10.10.2 while the client is 10.10.10.1. I use a tool to generate high-load http requests from client, which my be 2000 requests/s.

If I set the destination IP as the physical IP, 10.10.10.2, the server will be able to afford the high-load request with no errors. But if I change the destination IP to VPN IP 192.168.30.2 letting the requests go through VPN tunnel, the server cannot afford such high load as physical link. For example the concurrent will decrease from 2000 requests/s to 1000/s.

When using VPN tunnel, cpu is not occupied to full and free memory is enough, and the VPN tunnel bandwidth doesn't decrease to half of the physical link. So the decrease of concurrent do not seem to be caused by cpu, memory or bandwidth.

Finally, my question is whether I have configure SoftEther properly and what causes my probelm?

thanks a lot.

[thisjun]

How to archive concurrent request?

I think tap device may be one of cause.
Because universal tap device can only pass one packet per IO.
So, many packet makes many context switch.


And, of course, encrypting makes some delay when you use VPN. This may be another cause.