|
|
Den mandag 2.jan kl. 15:28 skrev Alex Brett:
Jon Bendtsen wrote:
Another option could be to prevent new tunnels at the server with the
biggest load, that way new clients will be forced to the 2. server.
This could be done with a statefull iptables firewall that let
existing
tunnels through, but disallows new.
I see what you're saying, it would make the connection process
potentially take slightly longer if it connects to a server that is
not accepting connections, as it would need to fail and then try
the other, but would essentially do what I want - I will experiment
with this...
Let us hear the results and setup, because i havent tried it in real
life.
Jon Bendtsen wrote:
> I was just thinking. Just how many clients do you have such that one
> server can not handle the load? Or how big a pipe do you have?
>
> A via with hardware encryption is PRETTY fast.
It can handle the load, but the applications that are running over
the tunnels are generally very latency sensitive, and I can forsee
problems where with too many users on one endpoint, the latency
will start to creep up - I might be wrong with this of course, I
haven't really been able to test it at very high volumes to
discover if this is the case or not.
Oh, i see your point. I think you can handle this with a firewall
that prioritizes
real time traffic over non-realtime before it reaches the tunnel.
JonB
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|