[strongSwan-dev] StrongSwan 5.6.3, Netlink performance issue as responder.
Vinay G. Pullela
vpullela at parallelwireless.com
Tue Dec 4 03:26:36 CET 2018
Hi Dev Team,
I am trying to setup 100K tunnels at 20 tunnels/sec.
But as the number of tunnels established is increasing the kernel-netlink plugin performance is decreasing exponentially.
What I mean by this is request and response for the kernel-netlink messages are taking more and more time as the number of established tunnels count, I have tried both with the parallel option enabled and disabled, see the observation for both below.
1. When parallel flag in kernel_netlink_ipsec.c is set to false, most of the threads are waiting for the lock to send netlink_messages to kernel. And the thread with lock is in sendto in kernel_netlink_shared.c (write_msg)
2. When parallel flag in kernel_netlink_ipsec.c is set to true, most of the thread are in condition_wait for the response to be received and processed. And the thread with lock is in sendto in kernel_netlink_shared.c (write_msg).
Note: Route installation is disabled.
We need help to determine the issue with the netlink performance, as we want to achieve 250 Tunnels per sec and 100K tunnels.
Regards,
Vinay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20181204/094def82/attachment.html>
More information about the Dev
mailing list