IPIP tunnel speed decreases if idle
Clash Royale CLAN TAG#URR8PPP
I've set up an IPIP tunnel on 2 deb9 hosts for public IP routing and it kinda works. I can reach both ends, but if I let it idle for a bit, the speed decreases. After a while I can't even reach it anymore. If I send data (e.g. ping) through the tunnel from the host, the IPs are routed to, it wakes up again. What could be causing this?
OT:
I've tried GRE tunnels as well, but that just doesn't work as it should. It delivers 1.5mbit/s speeds on a gigabit link.
linux debian networking deb
add a comment |
I've set up an IPIP tunnel on 2 deb9 hosts for public IP routing and it kinda works. I can reach both ends, but if I let it idle for a bit, the speed decreases. After a while I can't even reach it anymore. If I send data (e.g. ping) through the tunnel from the host, the IPs are routed to, it wakes up again. What could be causing this?
OT:
I've tried GRE tunnels as well, but that just doesn't work as it should. It delivers 1.5mbit/s speeds on a gigabit link.
linux debian networking deb
MTU/Keepalive issues. and having the TCP control/negotiation algorithms being applied twice (outside/inside the tunnel). Those are known limitations, not specific to Linux
– Rui F Ribeiro
Feb 24 at 15:34
And what could I do about the second part? I've tried changing the MTU, but that didn't help (atleast with the values i tried). I am running a ping session as a keepalive, but that only keeps it alive, the speed still goes down.
– Martin Magyarics
Feb 24 at 20:09
They are known issues of doing IP in top of IP, or even SCP on top of SSH+IP....I have no workarounds for you that work over the long term. Maybe using IPsec will improve the situation.
– Rui F Ribeiro
Feb 24 at 20:46
add a comment |
I've set up an IPIP tunnel on 2 deb9 hosts for public IP routing and it kinda works. I can reach both ends, but if I let it idle for a bit, the speed decreases. After a while I can't even reach it anymore. If I send data (e.g. ping) through the tunnel from the host, the IPs are routed to, it wakes up again. What could be causing this?
OT:
I've tried GRE tunnels as well, but that just doesn't work as it should. It delivers 1.5mbit/s speeds on a gigabit link.
linux debian networking deb
I've set up an IPIP tunnel on 2 deb9 hosts for public IP routing and it kinda works. I can reach both ends, but if I let it idle for a bit, the speed decreases. After a while I can't even reach it anymore. If I send data (e.g. ping) through the tunnel from the host, the IPs are routed to, it wakes up again. What could be causing this?
OT:
I've tried GRE tunnels as well, but that just doesn't work as it should. It delivers 1.5mbit/s speeds on a gigabit link.
linux debian networking deb
linux debian networking deb
asked Feb 24 at 10:23
Martin MagyaricsMartin Magyarics
115
115
MTU/Keepalive issues. and having the TCP control/negotiation algorithms being applied twice (outside/inside the tunnel). Those are known limitations, not specific to Linux
– Rui F Ribeiro
Feb 24 at 15:34
And what could I do about the second part? I've tried changing the MTU, but that didn't help (atleast with the values i tried). I am running a ping session as a keepalive, but that only keeps it alive, the speed still goes down.
– Martin Magyarics
Feb 24 at 20:09
They are known issues of doing IP in top of IP, or even SCP on top of SSH+IP....I have no workarounds for you that work over the long term. Maybe using IPsec will improve the situation.
– Rui F Ribeiro
Feb 24 at 20:46
add a comment |
MTU/Keepalive issues. and having the TCP control/negotiation algorithms being applied twice (outside/inside the tunnel). Those are known limitations, not specific to Linux
– Rui F Ribeiro
Feb 24 at 15:34
And what could I do about the second part? I've tried changing the MTU, but that didn't help (atleast with the values i tried). I am running a ping session as a keepalive, but that only keeps it alive, the speed still goes down.
– Martin Magyarics
Feb 24 at 20:09
They are known issues of doing IP in top of IP, or even SCP on top of SSH+IP....I have no workarounds for you that work over the long term. Maybe using IPsec will improve the situation.
– Rui F Ribeiro
Feb 24 at 20:46
MTU/Keepalive issues. and having the TCP control/negotiation algorithms being applied twice (outside/inside the tunnel). Those are known limitations, not specific to Linux
– Rui F Ribeiro
Feb 24 at 15:34
MTU/Keepalive issues. and having the TCP control/negotiation algorithms being applied twice (outside/inside the tunnel). Those are known limitations, not specific to Linux
– Rui F Ribeiro
Feb 24 at 15:34
And what could I do about the second part? I've tried changing the MTU, but that didn't help (atleast with the values i tried). I am running a ping session as a keepalive, but that only keeps it alive, the speed still goes down.
– Martin Magyarics
Feb 24 at 20:09
And what could I do about the second part? I've tried changing the MTU, but that didn't help (atleast with the values i tried). I am running a ping session as a keepalive, but that only keeps it alive, the speed still goes down.
– Martin Magyarics
Feb 24 at 20:09
They are known issues of doing IP in top of IP, or even SCP on top of SSH+IP....I have no workarounds for you that work over the long term. Maybe using IPsec will improve the situation.
– Rui F Ribeiro
Feb 24 at 20:46
They are known issues of doing IP in top of IP, or even SCP on top of SSH+IP....I have no workarounds for you that work over the long term. Maybe using IPsec will improve the situation.
– Rui F Ribeiro
Feb 24 at 20:46
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f502660%2fipip-tunnel-speed-decreases-if-idle%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f502660%2fipip-tunnel-speed-decreases-if-idle%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
MTU/Keepalive issues. and having the TCP control/negotiation algorithms being applied twice (outside/inside the tunnel). Those are known limitations, not specific to Linux
– Rui F Ribeiro
Feb 24 at 15:34
And what could I do about the second part? I've tried changing the MTU, but that didn't help (atleast with the values i tried). I am running a ping session as a keepalive, but that only keeps it alive, the speed still goes down.
– Martin Magyarics
Feb 24 at 20:09
They are known issues of doing IP in top of IP, or even SCP on top of SSH+IP....I have no workarounds for you that work over the long term. Maybe using IPsec will improve the situation.
– Rui F Ribeiro
Feb 24 at 20:46