<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt"><div><span><br></span></div><div><span>Hi,</span></div><div><span><br></span></div><div><span>Can anyone please respond to this email ? Thanks in advance for your support and help.</span></div><div><span><br></span></div><div><span>Regards,</span></div><div><span>Chinmaya</span></div><div class="yahoo_quoted" style="display: block;"> <br> <br> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> On Tuesday, March 4, 2014 4:53 PM, Chinmaya Dwibedy <ckdwibedy@yahoo.com> wrote:<br> </font> </div> <div class="y_msg_container"><div id="yiv3255434384"><div><div
style="color: rgb(0, 0, 0); font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt; background-color: rgb(255, 255, 255);"><div>Hi All,</div><div><br></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>I modified the strongswan (5.0.4) code to write a new DH using
Octeon Core Crypto Library APIs.<span> </span>Run
with 200k IPsec tunnels with DH group 1 (Encryption algo: AES and integrity
algorithm: SHA1) and found the tunnel setup rate to be 175-180 per second (approximately).
Note that, with gmp library (using the same set of parameters), the setup rate
was found out to be 120-125. Note, the Octeon Core Crypto Library provides
API's on Octeon for Crypto acceleration and DH operation.</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Then I did profiling the Charon implementation (using perf
profiler tool) to find the functions which slows down the setup rate. I found
the hotspot to be pthread_mutex_lock(), where most of the CPU cycles are
consumed. I changed the code libstrongswan\threading\mutex.c so as to use gcc
atomic builtins<span>
</span>__sync_fetch_and_add()/__sync_sub_and_fetch() instead of
pthread_mutex_lock()/pthread_mutex_unlock() for enhanced setup rate. </span><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Upon running, noticed that the setup rate got reduced to 50
per seconds. What I understand, atomic operation should speed up the rate which
is opposite in this case. </span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Can anyone please let me know what might the issue and what is
the way to move forward to achieve the 250 tunnels per second? I am stuck up. Thus any suggestions
are greatly appreciated. </span><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>I found from the following web link i.e.,
https://lists.strongswan.org/pipermail/users/2009-December/004184.html that,
Mr. <span> </span>Martin has measured 200+ tunnel
negotiations/second (1 IKE + 1 CHILD_SA). It implies that, it is doable and I am missing something. </span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Note that, we are using two Multi-Core MIPS64 Processors with
16 cnMIPS64 v2 cores (one acts as an IKE initiator and another as an IKE
responder). We are running strongswan in both systems. Both the systems have
1Gbps Ethernet cards, which are connected to 1 Gbps L2 switch. The Wind River
Linux runs on all the 16 cores.</span><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'> </span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Here goes the strongswan configuration at both the ends</span><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'> </span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>IKE Initiator </span><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'> </span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span># number of worker
threads in charon</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span>threads = 64</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span>replay_window =
32</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span>dos_protection =
no</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>block_threshold=1000</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span><span> </span>cookie_threshold=1000</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>init_limit_half_open=1000</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>retransmit_timeout=10</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>retransmit_tries=5</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>install_virtual_ip=no</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>install_routes=no</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>close_ike_on_child_failure=yes</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span>ikesa_table_size
= 16384</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span><span> </span>ikesa_table_segments = 256</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span>reuse_ikesa = no</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><font face="Times New Roman"><br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span>load-tester {</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>enable = yes</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>initiators = 10</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>iterations = 25000</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span>delay
= 20</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>responder = 30.30.30.21</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>proposal = aes128-sha1-modp768</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>initiator_auth = psk</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>responder_auth = psk</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>request_virtual_ip = yes</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>initiator_tsr=40.0.0.0/8</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>ike_rekey = 0</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span><span> </span>child_rekey = 0</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>delete_after_established = no</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>shutdown_when_complete = no</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>#fake_kernel = yes</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'> </span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span>}</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'> </span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>IKE Responder</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'> </span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'># number of worker threads in charon</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span>threads = 64</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span><span> </span>replay_window = 32</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span>dos_protection =
no</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>block_threshold=100</span></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>cookie_threshold=100</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>init_limit_half_open=100</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>hslf_open_timeout=100</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>close_ike_on_child_failure=yes</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span>ikesa_table_size
= 16384</span></div><div><font face="Times New Roman">
<br></font></div><div style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span>
</span>ikesa_table_segments = 256</span></div><div><font face="Times New Roman">
</font><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span> </span>reuse_ikesa = no</span></div><div><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><br></span></div><div><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><br></span></div><div><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Regards,</span></div><div><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Chinmaya</span></div><div></div></div></div></div><br><br></div> </div> </div> </div> </div></body></html>