From: Adair Winter on 2 Jul 2008 10:33

Curious if anyone knows how well or if at all DD-WRT works in a multipoint VPN environment.

What we want to do is interconnect 3 maybe 4 sites together.
After doing some reading it appears that you have a host side and a client side which I assume the host can support multiple clients. But is that the only configuration or can I take and connect a node that's already a client and also use it as a host and allow another client to connect to it?
Reason for asking in the setup we want all sites to be able to communicate with each other but don't want traffic to have to pass thru the host to get there. So some sort of a star configuration would be needed.

I realize this is a wireless group but DD-WRT is heavily used here so just looking for comments.

Thanks,
Adair

From: Bill Kearney on 2 Jul 2008 11:07

You do realize the low-power devices that can run DD-WRT are probably not ideal for this sort of thing, right?

Doing multi-site interconnects is not trivial. Setting up the routing tables to avoid congestion can be pretty complex. Trying to daisy-chain multiple sites really complicates matters. And besides the routing issues, you also have to contend with inter-site server and workstation traffic. If you just "set it up" in a trivial manner you'll have enormous amounts of bandwidth getting wasted on site-to-site overhead traffic.

Try asking on the dd-wrt forums. Then budget for proper Cisco gear.

-Bill Kearney

"Adair Winter" <adairw(a)swbell.net> wrote in message news:XlMak.3263$np7.1138(a)flpi149.ffdc.sbc.com...
> Curious if anyone knows how well or if at all DD-WRT works in a multipoint
> VPN environment.
>
> What we want to do is interconnect 3 maybe 4 sites together.
> After doing some reading it appears that you have a host side and a
> client side which I assume the host can support multiple clients. But is
> that the only configuration or can I take and connect a node that's
> already a client and also use it as a host and allow another client to
> connect to it?
> Reason for asking in the setup we want all sites to be able to communicate
> with each other but don't want traffic to have to pass thru the host to
> get there. So some sort of a star configuration would be needed.
>
> I realize this is a wireless group but DD-WRT is heavily used here so just
> looking for comments.

From: Adair Winter on 2 Jul 2008 11:28

"Bill Kearney" <wkearney99(a)hotmail.com> wrote in message
> You do realize the low-power devices that can run DD-WRT are probably not
> ideal for this sort of thing, right?
>
> Doing multi-site interconnects is not trivial. Setting up the routing
> tables to avoid congestion can be pretty complex. Trying to daisy-chain
> multiple sites really complicates matters. And besides the routing
> issues, you also have to contend with inter-site server and workstation
> traffic. If you just "set it up" in a trivial manner you'll have enormous
> amounts of bandwidth getting wasted on site-to-site overhead traffic.
>
> Try asking on the dd-wrt forums. Then budget for proper Cisco gear.
>
> -Bill Kearney
>

I agree, and this is not for an office/work environment. It is going to be used to connect 2 maybe 3 NXU radio linking devices from several places across the country back to my area. So in reality I only need to be able to have the server and 1 or 2 clients. Each tunnel will be bridging to another home network and the only traffic across them will be a single 24Kbps VoIP stream and management traffic.
The ability to configure as a star was brought up by someone else but in reality I do not think it's necessary.
If these devices supported host names and not just static IPs they would be placed out on the open internet.

Adair

From: Jeff Liebermann on 2 Jul 2008 12:19

On Wed, 2 Jul 2008 09:33:38 -0500, "Adair Winter" <adairw(a)swbell.net> wrote:

>Curious if anyone knows how well or if at all DD-WRT works in a multipoint
>VPN environment.

Yep. It sucks. You're just not going to get much in the way of performance from an already overloaded CPU. The problem is that OpenVPN has to encrypt and decrypt the tunnel at both ends. Crypto modules burn lots of CPU cycles (and is usually best done in a dedicated processor). I didn't even bother doing benchmarks with just one tunnel, as bench tests showed it was obviously far too slow.

If you have a pair of routers loaded with DD-WRT, try a simple end to end bench test. Set up the WAN ports for different static IPs with the gateway IP pointing to the opposite router. Interconnect the WAN ports with an ethernet crossover cable. At 100baseTX-FDX, you should be able to get wire speed of 100 Mbits/sec between routers. In other words, you're NOT going to be limited by the speed of the simulated internet connection.

Now, set up a fast computah at each end of the simulation to a LAN port. Install IPerf or JPerf benchmarking software.
<http://www.smallnetbuilder.com/content/view/30408/235/>
<http://www.smallnetbuilder.com/content/view/30418/235/>
Make sure you use the latest versions. Now run some benchmarks with and without the VPN. I've only done this once. I got about 35Mbits/sec thruput w/o the VPN, and I vaguely recall only about 5Mbit/sec (or worse) with PPTP running, but without any optimization or performance tweaking.

More on IPerf and JPerf:
<http://www.openmaniak.com/iperf.php> (near bottom)
<http://code.google.com/p/xjperf/>
<http://xjperf.googlecode.com/files/jperf2.0.0.zip>

>What we want to do is interconnect 3 maybe 4 sites together.

What are you using for connectivity? The CPU can probably handle one or two tunnels over a slow DSL line or T1.

See benchmarks and comments at:
<http://www.dd-wrt.com/phpBB2/viewtopic.php?p=178704>
With OpenVPN running: 6354/690 Kbits/sec
No VPN running: 26340/723 Kbits/sec

>After doing some reading it appears that you have a host side and a client
>side which I assume the host can support multiple clients. But is that the
>only configuration or can I take and connect a node that's already a client
>and also use it as a host and allow another client to connect to it?
>Reason for asking in the setup we want all sites to be able to communicate
>with each other but don't want traffic to have to pass thru the host to get
>there. So some sort of a star configuration would be needed.

You can have multiple connections, but you have to configure each one individually. I think you can set up a "star", where you have a tunnel directly to each other endpoint. That will take some simple static routing and is fairly easily configured. However, that does help with the performance problem, but not much. The CPU is still overloaded.

>I realize this is a wireless group but DD-WRT is heavily used here so just
>looking for comments.

Ask again in the DD-WRT forums.

--
Jeff Liebermann     jeffl(a)cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

From: Jeff Liebermann on 2 Jul 2008 12:25

On Wed, 02 Jul 2008 09:19:00 -0700, Jeff Liebermann <jeffl(a)cruzio.com> wrote:

>More on IPerf and JPerf:
><http://www.openmaniak.com/iperf.php> (near bottom)
><http://code.google.com/p/xjperf/>
><http://xjperf.googlecode.com/files/jperf2.0.0.zip>

One more URL:
<http://www.openmaniak.com/iperf.php> (Tutorial with examples)

--
Jeff Liebermann     jeffl(a)cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558