Discussion:
[Openvpn-users] MULTI: packet dropped due to output saturation (multi_add_mbuf)
Jonas Truemper
2005-07-20 06:32:02 UTC
Permalink
Hi there,

I have got a linux router (I don't think this is the source of my
problem) between my OpenVPN Server and the Internet.
Me and 2 guys were trying to play "Battle For Middle Earth" via an
OpenVPN bridge running on my Computer behind the router.
The listening port of OpenVPN (1194) is forwarded correctly to my
computer. Also the clients had no problems connecting. We can ping each
other and we also see the smb network shares of each other.
But for some strange reason this game didn't not work quite right.
(For those who know it: I (running the openvpn server) saw the clients
inside the game lobby, they didnt see anyone except themselves).
The only thing i can provide as an error OpenVPN spit out is this:

MULTI: packet dropped due to output saturation (multi_add_mbuf)

Sometimes this messages was prefixed by one of the client IPs.
So obviously there are outgoing packets dropped which would at least
explain why I can see them and they can't see me.

So does anyone have an idea where this packet dropping comes from? My
internet connection did still have some capacities left...
I also did a search on google and inside these newsgroups but this
didn't return anything useful.


Thanks in advance,
Jonas
Jonas Truemper
2005-07-21 12:58:13 UTC
Permalink
Hey,
Post by Jonas Truemper
MULTI: packet dropped due to output saturation (multi_add_mbuf)
does no one have any idea??


greetings
Jonas
James Yonan
2005-07-21 13:29:12 UTC
Permalink
Post by Jonas Truemper
Hey,
Post by Jonas Truemper
MULTI: packet dropped due to output saturation (multi_add_mbuf)
does no one have any idea??
This occurs when you have a TCP-connected client on a lower bandwidth
link, and the OpenVPN server accumlates an excessive backlog of packets
because it is receiving them faster than it is able to send them to the
client.

This usually occurs on a TAP-based bridged VPN with TCP clients, and too
much broadcast traffic on the bridged LAN. Unicast traffic over TCP is
always throttled, so each party to such a connection will throttle down to
the speed that the link can support.

The problem is that broadcast traffic is not throttled, so if you have a
network with a lot of broadcasts, it can easily overwhelm the link speed
of a client (even a broadband client).

Two possible solutions (for the TAP-based VPN with clients getting
saturated by excessive broadcast traffic):

(1) Use a tool such as ebtables to filter out the broadcasts you don't
need to be forwarded over the VPN.

(2) Use "dev tun" mode instead of "dev tap" mode which will not forward
broadcast traffic over the VPN.

James
Jonas Truemper
2005-07-21 16:21:10 UTC
Permalink
Hi James,

James Yonan wrote:

[...]
Post by James Yonan
(1) Use a tool such as ebtables to filter out the broadcasts you don't
need to be forwarded over the VPN.
(2) Use "dev tun" mode instead of "dev tap" mode which will not forward
broadcast traffic over the VPN.
James
first of all: thanks for the explanation.

Unfortunately the solutions you proposed do not help in my case I at
least know now why this happens.
The problem is: we need those broadcast since we want to play
multiplayer via this vpn that use broadcast to realize a lobby.
Additionally I don't know any way to make these games just connect to a
running server (especially Battle for Middleearth does not provide any
options to do so).
Is there any other way to ... maybe just regulate this traffic?
Let's say we use udp for the vpn. Then maybe some packets get lost but
at least some of them should reach the client.

Am I wright or totally wrong?


greetings
Jonas
James Yonan
2005-07-21 16:42:08 UTC
Permalink
Post by Jonas Truemper
Hi James,
[...]
Post by James Yonan
(1) Use a tool such as ebtables to filter out the broadcasts you don't
need to be forwarded over the VPN.
(2) Use "dev tun" mode instead of "dev tap" mode which will not forward
broadcast traffic over the VPN.
James
first of all: thanks for the explanation.
Unfortunately the solutions you proposed do not help in my case I at
least know now why this happens.
The problem is: we need those broadcast since we want to play
multiplayer via this vpn that use broadcast to realize a lobby.
Additionally I don't know any way to make these games just connect to a
running server (especially Battle for Middleearth does not provide any
options to do so).
Is there any other way to ... maybe just regulate this traffic?
Yes, but you'd need a find to way to do that in the game app. OpenVPN
isn't going to know how to packet filter an application-level broadcast
protocol.
Post by Jonas Truemper
Let's say we use udp for the vpn. Then maybe some packets get lost but
at least some of them should reach the client.
Yes, I would definitely try UDP, though you will likely still get some
packet loss.

James

Loading...