<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt"><div></div><span><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='color: black; line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Hi Martin<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='color: black; line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>I think my email missed your kind attention. I
am stuck and unable to move forward. Can you please guide me to proceed further? Thanks a
lot in advance for your suggestion.<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='color: black; line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Regards,<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='color: black; line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Chinmaya<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><o:p> </o:p></span></div><div><font face="Times New Roman">
</font></div></span><div class="yahoo_quoted" style="display: block;"><div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"><div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"><div dir="ltr"><font face="Arial" size="2">On Friday, October 4, 2013 12:26 PM, Chinmaya Dwibedy &lt;ckdwibedy@yahoo.com&gt; wrote:<br> </font> </div> <div class="y_msg_container"><div id="yiv8795019124"><div><div style="color: rgb(0, 0, 0); font-family: lucida console, sans-serif; font-size: 12pt; background-color: rgb(255, 255, 255);"><div><var id="yiv8795019124yui-ie-cursor"></var></div><span></span><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span>Hi Martin,</span></div><div><font face="Times New Roman">
</font></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span>I profiled
the Charon implementation (using the perf profiler tool) to find the main
bottleneck with 25k IPsec connections (without data traffic). The perf tool
generates an output file called perf.data. That file can then be analyzed using
perf report. I found from the call stack in the perf profiler that the gmpn_addmul_1
function in libgmp.so.3.4.1 consumes
most of the CPU cycles on both Linux systems (IKE initiator as well as IKE responder). It was clearly the hottest
procedure in the Charon keying daemon (IKEv2). As I understand it,
strongSwan uses the GMP library for the implementation of DH, and we are using
DH group modp1024 at both ends.</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span>Here are the
results of # perf report:</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span>3.72%<span> </span>charon<span> </span>libgmp.so.3.4.1<span>
</span>[.] __gmpn_addmul_1</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.86%<span> </span>charon<span> </span>libcharon.so.0.0.0<span>
</span>[.] checkout_by_message</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.38%<span> </span>charon<span> </span>libc-2.11.1.so<span>
</span>[.] memcmp</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.19%<span> </span>charon<span> </span>libgmp.so.3.4.1<span>
</span><span> </span>[.] __gmpn_add_n</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.15%<span> </span>charon<span> </span>libgmp.so.3.4.1<span>
</span>[.] __gmpn_mul_1</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.10%<span> </span>charon<span> </span>libgmp.so.3.4.1<span>
</span><span> </span>[.] 0x00000000022ed8</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.09%<span> </span>charon<span> </span>libgmp.so.3.4.1<span>
</span>[.] __gmpn_sqr_basecase</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.09%<span> </span>charon<span> </span>libgmp.so.3.4.1<span> </span><span> </span>[.]
__gmpn_sqr_diagonal</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.07%<span> </span>charon<span> </span>libgmp.so.3.4.1<span>
</span>[.] __gmpn_lshift</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.04%<span> </span>charon<span> </span>libgmp.so.3.4.1<span> </span><span> </span>[.]
__gmpn_sub_n</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.04%<span> </span>charon<span> </span>libc-2.11.1.so<span>
</span>[.] 0x00000000096284</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.04%<span> </span>charon<span> </span>libpthread-2.11.1.so<span> </span><span> </span>[.]
pthread_rwlock_rdlock</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.04%<span> </span>charon<span> </span>libpthread-2.11.1.so<span>
</span>[.] __pthread_rwlock_unlock</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.02%<span> </span>charon<span> </span>libc-2.11.1.so<span>
</span>[.] __libc_malloc</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.02%<span> </span>charon<span> </span>libgmp.so.3.4.1<span>
</span>[.] __gmpn_mul_basecase</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.02%<span> </span>charon<span> </span>libgmp.so.3.4.1<span>
</span>[.] __gmpz_powm</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.02%<span> </span>charon<span> </span>libstrongswan-sha1.so<span>
</span><span> </span>[.] SHA1Transform</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.02%<span> </span>charon<span> </span>libc-2.11.1.so<span>
</span>[.] cfree</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.02%<span> </span>charon<span> </span>[kernel.kallsyms]<span>
</span><span> </span>[k] sha_transform</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.02%<span> </span>charon<span> </span>libc-2.11.1.so<span>
</span>[.] vfprintf</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.02%<span> </span>charon<span> </span>libgmp.so.3.4.1<span>
</span><span> </span>[.] __gmpn_kara_mul_n</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.01%<span> </span>charon<span> </span>[kernel.kallsyms]<span>
</span>[k] finish_task_switch</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.01%<span> </span>charon<span> </span>libgmp.so.3.4.1<span>
</span><span> </span>[.]
__gmpn_sqr_n</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.01%<span> </span>charon<span> </span>[kernel.kallsyms]<span>
</span>[k] _raw_spin_unlock_irqrestore</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.01%<span> </span>charon<span> </span>libcharon.so.0.0.0<span> </span><span> </span>[.]
vlog</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.01%<span> </span>charon<span> </span>[kernel.kallsyms]<span>
</span>[k] smp_call_function_many</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.01%<span> </span>charon<span> </span>libstrongswan-sha1.so<span> </span><span> </span>[.]
SHA1Update</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.00%<span> </span>charon<span> </span>libc-2.11.1.so<span>
</span>[.] memcpy</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span><span> </span>0.00%<span> </span>charon<span> </span>libc-2.11.1.so<span> </span><span> </span>[.]</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span>Do I need to
use Libgcrypt instead of the GMP library?
If yes, please suggest how to do that. Or would you suggest drilling down
into the gmpn_addmul_1 function (GMP software component) to figure out the real
cause?</span></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span>Thanks in advance for your help and suggestions.</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span> </span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span>Regards,</span></div><div><font face="Times New Roman">
</font></div><div class="yiv8795019124MsoNormal" style="margin: 0in 0in 10pt;"><span>Chinmaya</span></div><div><font face="Times New Roman">
</font></div><div></div><div><br clear="none"></div> <div class="yiv8795019124yqt7472708671" id="yiv8795019124yqt01221"><div style="font-family: lucida console, sans-serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <div class="yiv8795019124hr" style="margin: 5px 0px; padding: 0px; border: 1px solid rgb(204, 204, 204); height: 0px; line-height: 0; font-size: 0px;"></div> <font face="Arial" size="2"> <b><span style="font-weight: bold;">From:</span></b> Martin Willi &lt;martin@strongswan.org&gt;<br clear="none"> <b><span style="font-weight: bold;">To:</span></b> Chinmaya Dwibedy &lt;ckdwibedy@yahoo.com&gt; <br clear="none"><b><span style="font-weight: bold;">Cc:</span></b> "users@lists.strongswan.org" &lt;users@lists.strongswan.org&gt; <br clear="none"> <b><span style="font-weight: bold;">Sent:</span></b> Wednesday, September 25, 2013 1:10 PM<br clear="none"> <b><span
style="font-weight: bold;">Subject:</span></b> Re: [strongSwan] Performance issue with 20k IPsec tunnels
(using 5.0.4 strongswan and load-tester plugin)<br clear="none"> </font> </div> <div class="yiv8795019124y_msg_container"><br clear="none"><br clear="none">> I find there are lots of retransmissions (as it prints the status of<br clear="none">> the initiation with * character mostly) in the console. I know these are<br clear="none">> certainly considered to be bad. But I have set the retransmit_timeout<br clear="none">> and retransmit_tries to 300 seconds and 300 times respectively, which<br clear="none">> is huge.<br clear="none"><br clear="none">The retransmissions usually indicate that one of the peers is<br clear="none">overloaded. Increasing retransmission timeouts can't solve your<br clear="none">performance limitations; this might help to work around the issues you<br clear="none">see in your lab, but certainly does not resemble what you have on a real<br clear="none">setup. Further, the charon.half_open_timeout strongswan.conf
setting<br clear="none">defaulting to 30s
will delete the IKE_SA on the responder if it does not<br clear="none">come up within that timeout.<br clear="none"><br clear="none">As said before, I think you should focus on finding the bottleneck of<br clear="none">your setup rather than adjusting your client configuration. Use a<br clear="none">profiling tool.<div class="yiv8795019124yqt2777541139" id="yiv8795019124yqtfd90171"><br clear="none"><br clear="none">Regards<br clear="none">Martin<br clear="none"><br clear="none"></div><br clear="none"><br clear="none"></div> </div> </div></div> </div></div></div><br>
<br><br></div> </div> </div> </div> </div></body></html>