i0n wrote:In the ovpn config file there is a gateway called "exitnode_balancer.cryptostorm.org". Do you plan to support other gateways or will there always be a single one? Will you deploy gateways in countries other than Canada?
Mahatma Gandhi wrote:First they ignore you, then they laugh at you, then they fight you and then you win.
Guest wrote:From what i can remember/ what i took it as, is that canada is a good test gateway. With the .is Domain and the stories of Iceland being a nice lil haven of protection right now, and Iceland gateway I assume is sure to pop up. Thats just my .02.
cryptostorm_ops wrote: This is vastly different than traditionally is the case with "VPN services" - for example, we've seen 300+ megabit/second throughput on a box with dual processors (older procs, too) and CPU utilization not go over 20%. Ever. But, with cryptostorm's crypto suite selection choosing vastly more powerful (and CPU intensive) algorithms and ephemeral session cycling parameters, this has flipped totally in reverse: now, we're seeing boxes choke on CPU long before any sort of networking bottleneck comes forth.
Lignus wrote:Yup. We have now entered an era where CPUs matter again. The cipher suite you guys are using is intensive. Without AES acceleration available in Haswell/some earlier highend Intel or the newer AMD processors, you were looking at about 50-70MHz per megabit. Even being generous, if your servers were running 16 cores of 2.4GHz and the sessions were perfectly balanced, you are still not likely to get more than 600MBps from the machine. Seeing as OpenVPN isn't multithreaded, which means more overhead from dividing up the processes. If you brought old servers online, there were probably quad core and not much more than 2.6GHz, leaving you guys scratching your heads when you were barely, if at all, pushing 150MBps.
I have not had the chance to run AES-NI versus None on my i7 machine, but I suspect the performance difference is 2-4x performance per clock based on other benchmarks I have seen on AMD cpus (4x boost) that support it. Given that, an AMD FX-8350 (8x4GHz) probably pushes 500+MBps without AES and potentially over 2GBps with AES acceleration enabled. My estimates are based on a fairly even distribution of bandwidth per core. The same FX-8350 running only a single instance isnt going to top 70MBps for a single user without AES. With, that single customer could probably top 250MBps if they were similarly tuned and had the bandwidth.
DesuStrike wrote:Sweden - For some reason people love Sweden based VPNs. Maybe cater towards this strange preference, even though I don't see any real benefits from that location.
parityboy wrote:I voted for Netherlands. I know an exit for the old CC network was there, and I assume the team is familiar with the Dutch DC setup process and all that jazz. However, I didn't see Switzerland on the list. Is it a territory you've considered?
parityboy wrote:Isn't international data traffic in the Asia/Australasia region rather expensive compared to say the EU or the US? Al least, that's what I've read...
I've recently read that Portugal now have the 6th biggest datacentre in the world, which is also the biggest in Europe. Looks like Portugal is on the up-and-up.
Tealc wrote:1) I really don't believe that putting a cluster in the USA is the smart way to go, since the recent events I've shutdown 2 servers that the company that I worked for add in Florida and LA. We shouldn't trust a USA based company, period.
I've also recentry read that in the UK, Virgin Media Business will sell you a 1Gb/s symmetrical link for £21,000 per year and that's if you're already connected to the Virgin network. If not, it's £30,000 per year. I swear these people make up their prices out of thin air...
Plus we do traffic shape internally, understand how to dicker on QoS, don't accept oversold "unlimited" plans, etc.
Is that 300Mb/s connection symmetrical or asymmetrical? What's the upload speed?
I really don't know what it is with European Internet providers, they just cannot stand the idea of handing out a symmetrical connection. I'd take 100/100 over 300/15 or even 300/30 which is what they have in the UK. It seems to be only the Scandinavian countries that recognise the benefit of symmetrical connections - or perhaps more likely, they don't have the protectionist mentality of the other countries. They also seem to have a greater diversity of providers (such as the electricity company) as opposed to the usual duopoly of cable TV company and incumbent state telco.
asia wrote:good points.
i would appreciate a node in Japan and South Korea, just from the performance/latency point as both are "islands" (korea kind of is, due to north korea), with very high speed "domestic" inter(intra)-net, but really bad connectivity once you access servers outside the island.
using a HK vpn in South Korea for example, degrades the performance immensely. while torrent performance goes down flaking from 1.1 MB/s to 2.7 MB/s instead of the usual 5-6 MB/s, accessing websites - which range from sites behind stellar CDN's with a node at the same ISP, to other CDN's at least closer to the region, to sites without any CDN, hosted in europe, us, whatever - can take 5-10 seconds now. definitely hard to accept, not only for korean standards, but also compared to normal slowish european, american consumer grade internet connections.
voip or gaming is impossible due to 300 to 600ms latency or so.
IMO strategically Brazil and Malaysia as your next spots. If you're looking at getting buy-in to your nodes, Brazil has a huge alternative software community that's very concerned about privacy (see Twister, ZapZap, etc.)
cryptostorm_support wrote:Privangle: A portugal exit node should be coming online shortly, and we still desperately want an asian node as well. That'll likely be next.
Code: Select all
remote raw-brisa.cryptostorm.net 443 udp
remote raw-brisa.cryptostorm.org 443 udp
remote raw-brisa.cryptostorm.nu 443 udp
Users browsing this forum: Google [Bot] and 11 guests