<div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">Hi,all</div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">
<br></div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)"> I set up a test platform just as the test example of "strongSwan UML Tests/ikev2/nat-virtual-ip ".This is the detail of testing platform which I used :</div>
<div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">moon :</div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">
cpu: 333 MHz PowerPC</div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)"> RAM memory: DDR2 256 MB</div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">
software: Linux 2.6.32 ,strongswan-4.5.2, iptables-1.4.5</div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">SUN £º</div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">
cpu: 3 GHz x86</div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)"> RAM memory: DDR2 3 GB</div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">
software: Linux 2.6.32 ,strongswan-4.5.2</div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">Alice, bob :</div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">
cpu: 3 GHz x86</div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)"> RAM memory: DDR2 3 GB</div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">
software: Linux 2.6.32 ,strongswan-4.5.2</div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)"><br></div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">
All the configuration script I used is the same as the example "strongSwan UML Tests/ikev2/nat-virtual-ip ".</div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">
The router moon set up a connection to gateway sun, and the gateway sun had assigned a virtual IP address to router moon. A special updown script on moon specified by leftupdown=/etc/nat_updown dynamically inserted a source NAT rule which mapped the IP address of client alice to the virtual IP of moon.</div>
<div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)"> Then the client alice send the udp packets of 100 bytes length every 10 microseconds with about 10 threads at one time . Under these circumstances , the idle of moon's CPU would be less than 10%, even 0% . As a result , the moon could not printf anything. If the router moon PING the client alice at the same time, there would appear a big time delay which was above 10 seconds.</div>
<div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)"> I had ever thinking that this phenomena might be arisen from the low performance of moon'CPU.So I aslo did two experiments. The first experiment, I used the same hardware platform to set up the environment as the example of "Test ikev2/net2net-psk" and found what would happen. The result is that the idle of moon's CPU would be more than 90% all the time and there was not any big time delay when the router moon PING the client alice at the same time ,which was fewer than 1 microseconds all the time.</div>
<div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)"> The second experiment, I used the same hardware platform to set up a environment which just set up the NAT and open the ip_forward in the moon. And the udp packets of alice sent out to the gateway sun only through the NAT of moon. The result is that the idle of moon's CPU would be more than 95% all the time and there was not any big time delay when the router moon PING the client alice at the same time, which was fewer than 1 microseconds all the time .</div>
<div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)"> This two experiment had approved that the "big time delay" phenomena was not arisen from the low performance of moon'CPU. They were both working well when the NAT was separated from the IPSEC. But when joined the NAT and IPSEC together in the moon, the moon could not work normally. why ? Is this a bug of the strongswan or the NAT ?</div>
<div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)"><br></div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">
Regards , </div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)"><br></div><div style="font-family:'lucida Grande',Verdana;font-size:14px;line-height:23px;background-color:rgb(255,255,255)">
Kenxin </div>