[strongSwan] Performance (in)dependent on ingress rate?

Adam Tisovsky tisovsky at gmail.com
Wed Aug 31 22:41:10 CEST 2011


Hello,

I’m doing some benchmarks of IPsec performance on a Cisco router and I have
experienced the situation described below. My question is whether anybody
has performed similar tests on strongSwan and can tell how it behaved.

When you are gradually increasing the rate of traffic to be secured (using
UDP as a transport protocol) you reach the maximum possible throughput of
the device. But when you continue increasing the rate of ingress traffic
beyond this point, the forwarding rate of the device will decrease. Example:

Max. throughput of device is 10 Mbps. If Ingress traffic rate is 10 Mbps,
then forwarding rate is 10 Mbps.  But when ingress rate is 20 Mbps, you get
forwarding rate only 5 Mbps.

I have experienced this on a Cisco 1841 router with the HW accelerator DISABLED.
After some investigation I found out that more ingress traffic utilizes the main
CPU more by interrupts. And interrupts come at the expense of the encryption
process. Therefore the decrease of forwarding rate. With the HW accelerator
enabled this situation does not occur, the device forwards traffic at the
maximum rate even if it’s overloaded by the ingress traffic.

I didn’t find any information dealing with this, however I find it quite
interesting. I’m also planning to do the tests on strongSwan, but it takes
some time. So any information will be helpful in advance.

Thank you
Adam
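
Added example, not part of the original message: a small CPU-budget model of the overload behaviour described above, calibrated to the message's 10/20/5 Mbps figures. The linear per-Mbps costs, the queue limit, and the `hw_rate` value used for the accelerator case are assumptions made for illustration.

```python
# Added illustration (not from the original post): receive interrupts are
# served first, and only the leftover CPU is available for software encryption.

def calibrate(max_rate, overload_rate, overload_fwd):
    """Solve for CPU cost per Mbps of interrupts (a) and encryption (b),
    assuming linear costs and a saturated CPU at both measured points:
        max_rate*a      + max_rate*b     = 1
        overload_rate*a + overload_fwd*b = 1
    """
    b = (overload_rate - max_rate) / (max_rate * (overload_rate - overload_fwd))
    a = 1.0 / max_rate - b
    return a, b

def simulate(ingress, a, b, hw_rate=None, ticks=1000, queue_limit=50.0):
    """Average forwarding rate in Mbps at a constant ingress rate.
    Each tick is one second with a CPU budget of 1.0. If hw_rate is given,
    encryption is offloaded and limited by that rate instead of by the CPU."""
    queue = 0.0      # Mbit waiting for encryption
    forwarded = 0.0  # Mbit encrypted and sent
    for _ in range(ticks):
        cpu = 1.0
        accepted = min(ingress, cpu / a)          # interrupts preempt everything
        cpu = max(0.0, cpu - accepted * a)
        queue = min(queue + accepted, queue_limit)  # tail drop when full
        capacity = hw_rate if hw_rate is not None else cpu / b
        out = min(queue, capacity)
        queue -= out
        forwarded += out
    return forwarded / ticks

if __name__ == "__main__":
    # Figures from the message: 10 Mbps peak, 5 Mbps forwarded at 20 Mbps ingress.
    a, b = calibrate(10, 20, 5)
    print(f"interrupt cost {a:.4f}, encryption cost {b:.4f} CPU per Mbps")
    print("ingress  software  offloaded (hw_rate=10 is assumed)")
    for rate in (5, 10, 15, 20, 25, 30):
        sw = simulate(rate, a, b)
        hw = simulate(rate, a, b, hw_rate=10)
        print(f"{rate:7d}  {sw:8.2f}  {hw:9.2f}")
```

Under these assumptions the software path falls to zero forwarding at 30 Mbps ingress, which is why a gateway without offload or ingress rate limiting can be starved by unauthenticated traffic alone.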