[ovs-dev] issue with OVS with SSL connection

Vishal Swarankar vishal.swarnkar at gmail.com
Fri Dec 24 16:20:19 UTC 2010


Just to add ~

When I make same setup over TCP, instead of SSL, then I don't see any
difference for a packet size > PMTU or < PMTU.

thnx

On Fri, Dec 24, 2010 at 9:44 PM, Vishal Swarankar <vishal.swarnkar at gmail.com
> wrote:

> Hi,
>
> I am doing a basic test of OVS for OVS to NOX connection over SSL.
>
> Setup
> ========
>
> Machine 1 ( OVS, 10.2.0.111 ) -- connected to NOX over SSL ( NOX installs a
> flow : forward all packets to CONTROLLER )
>
> NOX : Whenever a packet comes forward it to all connected DPID.
>
> Machine 2 ( OVS, 10.2.0.121 ) -- connected to NOX over SSL ( NOX installs a
> flow : forward all packets to CONTROLLER )
>
>
> Tests
> ==========
> ping 10.2.0.121
> 9 packets transmitted, 9 received, 0% packet loss, time 8077ms
> rtt min/avg/max/mdev = 1.897/4.439/22.558/6.409 ms
>
> ping -s 1450 10.2.0.121 -c 10
> 10 packets transmitted, 10 received, 0% packet loss, time 9087ms
> rtt min/avg/max/mdev = 1.962/2.272/2.668/0.253 ms
>
>  ping -s 1460 10.2.0.121 -c 10
> 10 packets transmitted, 8 received, *20% packet loss*, time 9087ms
> rtt min/avg/max/mdev = 2.128/2.855/5.691/1.104 ms
>
> ping -s 1472 10.2.0.121 -c 10
> 10 packets transmitted, 8 received, 20% packet loss, time 9098ms
> rtt min/avg/max/mdev = 1.995/2.332/2.684/0.225 ms
>
> ping -s *1473* 10.2.0.121 -c 10   --- CROSSED the MTU size ( PMTU
> discovery results in 1500 )
> 10 packets transmitted, 8 received, 20% packet loss, time 9088ms
> rtt min/avg/max/mdev = *40.655/40.749/40.900/0.258 ms*
>
> =========================
> I have tried this experiment 50000 times with the same results. After a
> packet size of ~1450, I can see packet loss and the moment packet size
> crosses PMTU, the response time jumps 20 times ( from 2 ms to 40 ms ).
>
> I tried to simulate same behavior with a simple tcp client/server. Please
> see the dump of a packet reception and its response from server. The dump
> was taken at eth0 of tcp server.
>
> 10.2.0.201 ( client ) sends a packet of size of 1448 to 10.2.0.121( server
> ).
> ===========================
> 14:10:14.234892 IP 10.2.0.201.5005 > 10.2.0.121.5001: Flags [P.], seq
> 744272:745720, ack 16449, win 30720, options [nop,nop,TS val 2180291 ecr
> 2141105], *length 1448*
> *Immediate ACK from Server Machine* *for 1448 byte packet* -->>
> 14:10:14.234912 IP 10.2.0.121.5001 > 10.2.0.201.5005: Flags [P.], seq
> 16449:16481, ack 745720, win 32, options [nop,nop,TS val 2141106 ecr
> 2180291], length 32
>
>
>
> 10.2.0.201 ( client ) sends a packet of size of 1548 to 10.2.0.121( server
> ).
> ===========================
> 14:12:20.400152 IP 10.2.0.201.5005 > 10.2.0.121.5001: Flags [.], seq
> 29513:30961, ack 640, win 30720, options [nop,nop,TS val 2192911 ecr
> 2153722], *length 1448*
> * A delayed ACK from Server Machine* *for 1448 byte packet* -->>
> 14:12:20.439894 IP 10.2.0.121.5001 > 10.2.0.201.5005: Flags [.], ack 30961,
> win 32, options [nop,nop,TS val 2153730 ecr 2192911], length 0
>
> *Rest of the packet (100 bytes)*
> 14:12:20.440539 IP 10.2.0.201.5005 > 10.2.0.121.5001: Flags [P.], seq
> 30961:31061, ack 640, win 30720, options [nop,nop,TS val 2192911 ecr
> 2153722], length 100
> *Immediate ACK from Server Machine* *for 100 byte packet* -->>
> 14:12:20.440563 IP 10.2.0.121.5001 > 10.2.0.201.5005: Flags [.], ack 31061,
> win 32, options [nop,nop,TS val 2153730 ecr 2192911], length 0
>
>
>
> thanks
> Vishal
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-dev/attachments/20101224/ba7e4c69/attachment-0003.html>


More information about the dev mailing list