NFS Over OpenVPN: Top Performance Boosters
I have two VPS's - One is running 2008 Server R2 and the other is a Ubuntu 12.04 installation. I am using the Windows VPS for RD sessions for Quickbooks and a couple other apps and using the Ubuntu VPS as a NFS file store as well as a OpenVPN endpoint. The problem is that NFS performance through the VPN is downright horrible and by this I mean often times it wont even connect and times out frequently.
If I set up the NFS outside the tunnel performance is okay...not great but manageable so I know its the VPN tunnel.
Are there any tweaks for openvpn or NFS I can play around with to boost performance?
Solution 1:
I have played with NFS configuration with openvpn on ADSL connection, I have tried different NFS mount options, here you can find the complete post: NFS over OpenVPN over ADSL(or slow connection)
I quote here the interesting parts: I have read lot of posts and I have tried the reasonable subset of suggested solutions, this is the summary of the best tips:
- use a NFS packet size smaller than littler MTU size (default is 8Kbytes, new values should be littler than 1500bytes, few guys suggest 1024bytes)
- use NFS TCP connection type; do not use UDP on ADSL/WANs
- use the NFS async option
- do not set very small timeouts, left the default 60 secs (timeo=600) or.. I have tried with success 10secs (timeo=100) too
- with the hard mount option, let's add the intr option
For linux users, here is a little fstab configuration example for soft mounts:
servername:/shared/ /mnt/foldername/ nfs rw,suid,dev,soft,exec,nouser,async,noauto,timeo=100,user,rsize=1024,wsize=1024,tcp 0 0
and here, for hard mounts:
rw,suid,dev,intr,exec,nouser,async,noauto,timeo=100,user,rsize=1024,wsize=1024,tcp 0 0
NFS over vpn+adsl is still dramatically slow (at the moment I am transferring files at about 150 KB/sec, and this is far better than without the proposed changes). Please consider that my 7Mbit ADSL has a download bandwidth of 800KB/sec.
PS: I'll also check the openvpn fragmentation later, thanks for sharing. Hope that my findings are going to useful too.
PS2: These tips have worked fine in my environment and I got two positive feedbacks from different guys.
Solution 2:
I did all the tweaks to get the optimal NFS performance over an ipsec link and "ls /mnt/remote1/etc" was still taking 12.5s. (i'm 280ms away and 13Mbps/2Mbps is my slowest link)
After some searching, I kept coming across WebDAV as an alternative. I'm using Apache with webdav and davfs2 on the client to mount the share. With this setup the ls went from 12.5 secs to 1.5 secs, and I'm getting 10Mbps download speeds. Very usable now.
If you want root access, then you need to build apache with "CFLAGS=-DBIG_SECURITY_HOLE". This is OK for me as all the users have root access, and I'm also only serving webdav via the ipsec tunnel.
Solution 3:
A few things to try:
Look at the following options in OpenVPN: fragment, mssfix, link-mtu. Basically, everything that has to do with packet size and fragmentation. Too small VPN packets may degrade performance by fragmenting NFS packets. OTOH, too large VPN packets may degrade performance because some routers don't handle them well. It's hard to draw a simple, general rule here.
Try to enable/disable compression on OpenVPN and see how that influences performance.
Make sure your VPN server uses UDP for transport, not TCP.
On the NFS client side, look at the options: retrans, rsize, wsize - or anything else related to packet size and error handling. Depending on your situation, smaller packet sizes may actually improve performance (on a LAN the opposite is typically the case).
There is no sure-fire answer to this type of problem, but the issue is likely to be in the areas indicated above.
Solution 4:
These tips from Fabiano Tarlao are very helpful: https://thegoodcodeinn.blogspot.be/2015/06/nfs-over-openvpn-over-adslor-slow.html?showComment=1488621905080#c2984550821264645538
I use this kernel parameter on my Casper Netboot over OpenVPN site-to-site tunnel:
NFSOPTS=tcp,intr,timeo=100,rsize=1024,wsize=1024