Skip to content
DCO (data channel offload) offering
Suggestions/comments/criticisms are welcome here
Once OpenVPN 2.6.0 stable version is released, will Viscosity make available an option to enable DCO for the client?
Why I ask is because it's soon to be released with my OpenVPN server once 2.6.0 is released, and it looks very beneficial in efficiency.
"OpenVPN DCO allows for huge performance gains when processing encrypted OpenVPN data by reducing the amount of context switching that happens for each packet. "
ref: https://openvpn.net/blog/openvpn-data-channel-offload/
Thanks,
John
Why I ask is because it's soon to be released with my OpenVPN server once 2.6.0 is released, and it looks very beneficial in efficiency.
"OpenVPN DCO allows for huge performance gains when processing encrypted OpenVPN data by reducing the amount of context switching that happens for each packet. "
ref: https://openvpn.net/blog/openvpn-data-channel-offload/
Thanks,
John
Hi John,
We have no current plans to adopt the DCO driver. While that may change in the future, for now we don't feel it'll offer a major benefit to Viscosity users. There are a number of reasons behind this:
- It's not possible to implement DCO on macOS. Apple have deprecated "kernel extensions" and replaced them with "system extensions". System extensions run in user-space, offering no performance benefit from having a user-space process do the work.
- Viscosity's Windows driver already outperforms the OpenVPN TAP driver in performance and is capable of saturating almost all client-side network connections.
- Much of the performance gain is reportedly from multithreading the encryption/decryption, rather than from it being in-kernel. We're looking into whether we can introduce this multithreading into the OpenVPN implementation itself without the need of a dedicated driver (which would benefit both macOS and Windows versions).
- DCO is primarily of benefit on the OpenVPN server. You'll still be able to connect to servers using the DCO driver/module without needing to also be using the DCO driver client-side.
- DCO's cipher support is limited to a very small number of available ciphers, which raises tricky issues when Viscosity needs to load a network driver to use (as it may not know in advance while ciphers can be used).
As mentioned above, we try not to lock ourselves into decisions and this may change in the future.
Cheers,
James
We have no current plans to adopt the DCO driver. While that may change in the future, for now we don't feel it'll offer a major benefit to Viscosity users. There are a number of reasons behind this:
- It's not possible to implement DCO on macOS. Apple have deprecated "kernel extensions" and replaced them with "system extensions". System extensions run in user-space, offering no performance benefit from having a user-space process do the work.
- Viscosity's Windows driver already outperforms the OpenVPN TAP driver in performance and is capable of saturating almost all client-side network connections.
- Much of the performance gain is reportedly from multithreading the encryption/decryption, rather than from it being in-kernel. We're looking into whether we can introduce this multithreading into the OpenVPN implementation itself without the need of a dedicated driver (which would benefit both macOS and Windows versions).
- DCO is primarily of benefit on the OpenVPN server. You'll still be able to connect to servers using the DCO driver/module without needing to also be using the DCO driver client-side.
- DCO's cipher support is limited to a very small number of available ciphers, which raises tricky issues when Viscosity needs to load a network driver to use (as it may not know in advance while ciphers can be used).
As mentioned above, we try not to lock ourselves into decisions and this may change in the future.
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Bluesky: https://bsky.app/profile/sparklabs.com
Support: https://www.sparklabs.com/support
Bluesky: https://bsky.app/profile/sparklabs.com
- Posts: 2
- Joined: Sun Oct 06, 2024 7:41 am
So it's absolutely impossible to see the performance benefit of DCO with current macOS implementation of extensions?
3 posts
Page 1 of 1