10G Linux VPN performance [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I have a Linux box wich has several 10 Gbe interfaces. What I want is to make a crypto-tunnel that has an ability to process 10 Gbit/s traffic as well as 10 Gbit/s router/firewall. There are some ways to achieve this but as I see it all the ways are brings to user-space or kernel-space processing.
As for the user-space solution, I suppose TUN/TAP device. But my experiments shows me that single TUN-device has performance limit at 1 Gbit/s boundary. I try some kind of TUN's aggregation and it gives me about 3.5 Gbit/s on 8xCPU XEON configuration (w/o encryption thought)
As for the kernel-space solution, I suppose that it might be faster than user-space, but it has another degree of complexity....
Has anyone has knowledge of how to make 10th Gbit/s Linux-based VPN solution?
UPD #1
Software solution wanted

TOE (TCP Offload Engine) is both your friend and enemy here.
TOE is the network card equivalent of a GPU from a graphic card along with something like DMA (Direct Memory Access) used by old style hard drive controllers. It allows for offloading the work of the TCP/IP stack to the NIC instead of running it through motherboard front side bus and CPU which are bottle necks for data being processed at this speed.
In order for what you are asking to work you will need your 10Gbps cards to have TOE (hardware acceleration) enabled in the OS and drivers. I worked on a project similar to this using a Cisco Nexus switch and some $5500 NIC cards about three years ago so I'm a little out of date on the technology. I'm betting things have moved along and costs gone down.
If you have already solved the TOE issue, then ignore my response.

Related

Jetson Xavier NX bringing down network when connected [closed]

Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 days ago.
Improve this question
I have 2 Jetson Xavier NX's (Jetpack 4.6.1) that are connecting to IP cameras and running a few Docker containers each that will occasionally (about 25% of the time after rebooting) start increasing network latency for all machines connected to the modem until the entire building can't reach the internet.
I've tried to isolate the problem machine by putting a switch between the router and modem and connecting a second router to the switch to create another network for just the Jetson, and it still blocked access to the internet.
I've tried monitoring network interface statistics when this happens with bmon, but it doesn't show any particularly large data/packet transmissions on any interface
I've tried pausing, stopping, and removing containers
Changing route metrics and removing routes
Deactivating interfaces and trying to connect via a usb-ethernet adapter
Connecting via wifi (both 2.4 and 5g) and ethernet (simultaneously and on their own)
None of these have worked to reliably solve the problem while still allowing the Xavier to access the network/internet and the only thing that seems to affect it is whether or not the IP camera is connected to the Xavier. When the camera isn't connected it's more likely to happen, although not guaranteed, and I haven't seen this issue happen when the camera is connected

Have I been hardware hacked/backdoored? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I'm on Linux Mint, never connected to the internet for weeks, and still not connected, doing some python programming (Python 3.6).
I happened to look at the firewall program in it 'report' section and see this
(please not that the firewall was actually set to ALLOW outgoing until I changed it just before this screenshot (it was only set to block incoming). Again, to my knowledge I am not, and have not, been connected to the internet at all and my networking is turned off.:
I'm not a network programmer, but this seems to be showing that these applications have been accessing network ports, correct?
Why would python 3.6 (which I was using) be on this list or ever need to connect to any port at all?? Am I looking at nefarious activity here?
I've heard that software can be placed directly on the hardware of a system. IS it possible that my network interface card could be activated and used without giving any indication?
And again, why would my python 3.6 application be on a firewall report at all?
I'm very concerned about this. Can someone enlighten me?
What you are looking at are mostly servers that are listening for incoming connections. That certainly covers ntpd, cups, ntpd.
It looks like some python programs have also been listening for connections, maybe as part of your programming exercises.
The fact that programs are listening for incoming connections doesn't mean anything has actually connected to them, or even that anything could.
An address of "*" indicates that it's a potential connection, not an actual connection that happened.

Feel Management Stress test [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I am working on a fleet management system that track a fleet fo ambulance using tracking device "Teltonika FMXXXX".
The system should finally operate almost 1400 ambulance, recording their history (Position, speed, ...) and online tracking.
I need to do a stress test on the server. I need to ensure that the 1400 devices will operate probably and the server can handle them.
I need to know how to simulate 1400 devices that send there data packet through TCP protocol?
The only way to do this is to write a basic teltonika GSM-GPS module emulation program that connects to your server and send some fake location etc as many times as you want.
In order to do that you have to read your FM-xxxxx device protocol and see how teltonika's protocol works.
Usually those kind of device protocols are proprietary and you have to ask the ventor (teltonika) to provide you more info about the protocol, in order to implement the whole communication scenario.
you can take a look at this pdf Teltonika FM Protocol

Is there a performance difference between running elasticsearch on Linux or Windows? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
elasticsearch can be started as a Windows or Linux service. Is there is any better performance in running it in one environment versus the other in production?
The advantage of using linux for running elasticsearch is that the vast majority of elasticsearch users use this and most of the optimization efforts are linux focused. There's a lot of knowledge out there on how to tune and optimize elasticsearch on linux.
A lot of that probably ports over to windows but it is fundamentally very different in how it behaves with a different kernel, filesystem, networking, etc. I expect things probably work fine in windows but fundamentally you are pretty much on your own tuning it and diagnosing any issues you encounter.
The only reason I could see for attempting to run Elasticsearch in windows at all are 1) you have windows servers available and want to utilize them and it is not negotiable to format their drives with something more sane like Ubuntu or centos 2) it's a small non, mission critical setup where you don't actually care about tuning things or getting meaningful support for any issues you encounter and you happen to have some windows machines available for running elasticsearch.
So, unless you really want to use windows, you probably shouldn't.
The answer to this question is going to be a big fat "it depends." I have to respond to whole-heartedly disagree with the other answer. I have Elasticsearch deployed to production on Amazon Web Services as a Windows service for an enterprise-level application and have never had any problem tuning it or finding help in that regard. The other answer has a point to the extent that the official Elasticsearch documentation apparently assumes you're going to be using Linux, but that's their problem. It does not mean you're going to be on your own.
I suppose that it would be possible to get some comparable hardware and run benchmarks if you really want to find out which one you can make faster, but who has time for that? I doubt that such an experiment would make a difference to anyone but the largest websites on the Internet anyway.
That said, Elasticsearch is built for clustering. You scale by throwing more hardware at it. Linux is necessarily going to be cheaper if for no other reason than that you won't have to pay licensing costs. Unless you already have the hardware or virtual machines, you are most likely going to get more bang for your buck with Linux.

Network usage top/htop on Linux [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
Is there a htop/top on Linux where I get to sort processes by network usage?
NetHogs is probably what you're looking for:
a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process.
NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to identify programs that have gone wild and are suddenly taking up your bandwidth.
Since NetHogs heavily relies on /proc, most features are only available on Linux. NetHogs can be built on Mac OS X and FreeBSD, but it will only show connections, not processes...
Also iftop:
display bandwidth usage on an interface
iftop does for network usage what top(1) does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Handy for answering the question "why is our ADSL link so slow?"...
iptraf is my favorite. It has a nice ncurses interface, and options for filtering, etc.
jnettop is another candidate.
edit: it only shows the streams, not the owner processes.
ntop or nagios
Check bmon. It's cli, simple and has charts.
Not exactly what question asked - it doesn't split by processes, only by network interfaces.
Another option you could try is iptstate.

Resources