From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1SeTcj-0003rK-Cv for garchives@archives.gentoo.org; Tue, 12 Jun 2012 16:07:18 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 589D6E0605; Tue, 12 Jun 2012 16:06:56 +0000 (UTC) Received: from mail-bk0-f53.google.com (mail-bk0-f53.google.com [209.85.214.53]) by pigeon.gentoo.org (Postfix) with ESMTP id CB4ADE0603 for ; Tue, 12 Jun 2012 16:05:23 +0000 (UTC) Received: by bkcjk13 with SMTP id jk13so5435985bkc.40 for ; Tue, 12 Jun 2012 09:05:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=PPnM8aiYCR+zyVVylIoq/MJUEOuphpa8WUJE7ndLxJw=; b=RmDfJZc/OSltE+nYzJen5GdpWR7TMSYKS+WOasBIrZJuArwv+bRDRwgn3sANVZMTxW k4q3DLD/GXlS1H55AND6NELdgHz2gx83McPDOPDiMAnT3FkXN5FFlqVuPwa6sO11YFqZ VSShe8ETFaI0/RGKaCT8K02vw9DpfXllSxL6kEXiBQGjOFPXj1JdbwBSf7E01l+45TQT ZYGviz7eUfBqVz14lNTtSdCdwH/CQcBqZVhQV2AvSAfNO7mrTyeU3dIYn+cCSiBa+HRA 7jkZk1gWwmoQfgoVpRBe2gxJPhfcUXqulocqlJXtskkO29OVTgTcOawLe11qE/htxiD2 moMg== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Received: by 10.204.156.213 with SMTP id y21mr11948762bkw.91.1339517122845; Tue, 12 Jun 2012 09:05:22 -0700 (PDT) Received: by 10.204.42.207 with HTTP; Tue, 12 Jun 2012 09:05:22 -0700 (PDT) In-Reply-To: References: <5bd4ba758840149a5dabfaf4515eb997.squirrel@www.antarean.org> Date: Tue, 12 Jun 2012 12:05:22 -0400 Message-ID: Subject: Re: [gentoo-user] Traffic shaping - downstream data From: Michael Mol To: gentoo-user@lists.gentoo.org Content-Type: text/plain; charset=UTF-8 X-Archives-Salt: 57d548da-e149-4ebf-acbd-f5de3a212221 X-Archives-Hash: 4f36fc3d2d37e8eaa758f13e5bb5c231 On Tue, Jun 12, 2012 at 11:06 AM, Michael Mol wrote: > On Tue, Jun 12, 2012 at 9:37 AM, Datty wrote: >> On Tue, Jun 12, 2012 at 2:21 PM, Michael Mol wrote: >>> On Jun 12, 2012 8:59 AM, "Datty" wrote: > > [snip] > >>> More detail later...but make sure your vpn link is not TCP. UDP, fine, >>> IP-IP, fine, but not TCP. TCP transport for a VPN tunnel leads to ugly >>> traffic problems. > >> Ah it is TCP at the moment. Not something I could change too easily either. >> Is it possible to work around or is it not worth fighting with? > > If all of these cases are true: > > * You only have TCP traffic going over that VPN > * You don't have any latency-sensitive traffic going over that VPN (no > VOIP, no interactive terminal sessions and you won't pull your hair > out over 10s or more round-trips slowing down page loads) > * You don't have large bulk data transfers going over that VPN (my > best example of personal experience here was trying to locally sync my > work-related IMAP mailbox) > > ...then it's not worth fighting with. I could stand to be more precise and concise: If you're going to use a TCP transport for VPN: * You need to not mix TCP and UDP traffic * You need to not have latency-sensitive traffic. In practice, you'll almost always have some UDP traffic; that's how DNS generally operates. And even where DNS uses TCP, it's still latency-sensitive. So I can be even more concise: If you're going to use a TCP transport for VPN, you must avoid having TCP traffic over that VPN link. -- :wq