[strongSwan] Regarding Load testing problems..
Narendra K A
naren.ka at gmail.com
Wed Oct 12 07:39:04 CEST 2011
Hello everyone,
I need some help regarding load testing against remote host. First
i tried with 1000 tunnels i.e. with initiator 5 and iterations 200 and
delay 100ms. In this i got around 900 tunnels out of 1000 !!!!
remaining 100 tunnels were down. It took around 5 to 8 mins. Later i
tried for 10000 tunnels now *i got only around 7500 tunnels out of
10000* and the remaining tunnels were down !!!!! and it took around 50
mins. So how do i get to establish all 10000 tunnels. Is there any
specific parameter i am missing or some configurations ?
Does this has something to do with* ikesa_table_size* and*
ikesa_table_segments* ???. I also tried setting these parameters but
the result was same !!.
Also in the client side where the load test is initiated, *even though
tunnels are getting created the Security Associations were NONE !!!!*
when i give ipsec satusall
Please provide me some inputs on how to proceed .
*My ipsec.conf file is as below*
config setup
hidetos=no
nat_traversal=yes
plutostart=no
conn %default
authby=eap
auto=add
dpddelay=0
dpdaction=clear
ike=aes128-3des-sha-modp2048!
ikelifetime=24h
keyexchange=ikev2
keyingtries=1
keylife=4h
left=%defaultroute
leftnexthop=%defaultroute
leftsourceip=%config
leftsubnet=0.0.0.0/0
reauth=no
rekey=yes
rekeyfuzz=100%
rekeymargin=10m
rightca=%any
rightid=@iprc.nlt.in
rightsubnet=10.63.0.0/16
strongswan.conf file is as in the below link
http://wiki.strongswan.org/projects/strongswan/wiki/LoadTests and i am using
eap.
Regards,
Naren
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20111012/251f621d/attachment.html>
More information about the Users
mailing list