Detailed packet overhead in Manpage.

[yuko1225]

Hello,

I think it will be great if you can describe the fully detail about overhead and MTU best practice(TUN & TAP mode) in manpage.

Thanks.

BTW.I want to know how the TUN device handle the multicast.Did you have any information about that?

[dswd]

Hi, I will add some information on packet overhead to the manpage.

Regarding multicast: VpnCloud has no special support for multicast and I did not test any multicast scenarios. So this is all theoretical:

1. If you use a TAP device, IP multicast should be mapped to ethernet broadcast and just work (although being a little bit inefficient)
2. If you use a TUN device with the default router mode IP multicast packets should be dropped as no node claims the IP multicast region.
3. If you use a TUN device with the learning switch mode, the multicast packets should be broadcast and multicast should just work (although being a little bit inefficient)
   Other VPN software either does not implement multicast (like VpnCloud currently) or cheats by broadcasting it. Proper multicast support is somewhat complicated as several control protocols for IPv4 and IPv6 have to implemented. Do you have a certain scenario for multicast or is this just a general question?

[yuko1225]

@dswd Some routing protocol require multicast to work.

3. If you use a TUN device with the learning switch mode, the multicast packets should be broadcast and multicast should just work (although being a little bit inefficient)

As far as I know,TUN is a point-to-point device.Something like
ip route add default dev tun0
is what I usually do.So I'm very interested about TUN with switched mode(I never seen anything like it before).Obviously it can save the ethernet header.Did you have any config example of it?In manpage I only saw the example of TAP with switched and TUN with router.

Thanks.

[yuko1225]

@dswd BTW,I want to know if the vpncloud can handle the packet oversize or not(for example I intentionally set the mtu to 1500 to make the big packet pass through)

In many scenario,you can't set the MTU too low.Some application did not support low MTU,and also,bridge standard ethernet port(MTU 1500) to a non standard MTU port will cause very bad performance.The ethernet frame will drop silently(without ICMP error since it is not a router) if the frame goes over the tap device's mtu size.

[dswd]

Regarding TUN devices in switched mode: There are two device types TUN and TAP and the only difference between them is that TUN transports IP packets and TAP transports Ethernet frames.
All the rest is about how VpnCloud decides where packets/frames should be sent to. In routed mode each node claims one or more address regions by prefix and all the nodes match against those prefixes. In switch mode, nodes learn addresses by looking at the source addresses and broadcast for unknown addresses. Routed mode is native to TUN devices and switched mode is native to TAP devices but there is no reason not to use switched mode for TUN devices.

VpnCloud supports MTUs up to 65000 bytes. However this results in worse latency and loss rate (see #2)

[dswd]

I updated the FAQ with those topics.

[yuko1225]

@dswd That's great.So in the standard ethernet,the maximum MTU in TUN device without fragment will be 1500 - 20IPv4 - 8UDP- 8protocol - 12crypto -> 1452.Is that correct?

I will test routing protocol in TUN device with switched mode recently.Hopefully I can give you some feedback soon.

[dswd]

Yes that is right. But mind that IPv4 means the external addresses, not the internal VPN addresses.