[strongSwan] Regarding Load testing problems..

Narendra K A naren.ka at gmail.com
Wed Oct 12 07:39:04 CEST 2011


Hello everyone,

    I need some help regarding load testing against remote host. First
i tried with 1000 tunnels i.e. with initiator 5 and iterations 200 and
delay 100ms. In this i got around 900 tunnels out of 1000 !!!!
remaining 100 tunnels were down. It took around 5 to 8 mins. Later i
tried for 10000 tunnels now *i got only around 7500 tunnels out of
10000* and the remaining tunnels were down !!!!! and it took around 50
mins. So how do i get to establish all 10000 tunnels. Is there any
specific parameter i am missing or some configurations ?


Does this has something to do with* ikesa_table_size* and*
ikesa_table_segments* ???. I also tried setting these parameters but
the result was same !!.

Also in the client side where the load test is initiated, *even though
tunnels are getting created the Security Associations were NONE !!!!*
when i give ipsec satusall

Please provide me some inputs on how to proceed .

*My ipsec.conf file is as below*

config setup

        hidetos=no
        nat_traversal=yes
        plutostart=no

conn %default
        authby=eap
        auto=add
        dpddelay=0
        dpdaction=clear
        ike=aes128-3des-sha-modp2048!
        ikelifetime=24h
        keyexchange=ikev2
        keyingtries=1
        keylife=4h
        left=%defaultroute
        leftnexthop=%defaultroute
        leftsourceip=%config
        leftsubnet=0.0.0.0/0
        reauth=no
        rekey=yes
        rekeyfuzz=100%
        rekeymargin=10m
        rightca=%any
        rightid=@iprc.nlt.in
        rightsubnet=10.63.0.0/16


strongswan.conf file is as in the below link
http://wiki.strongswan.org/projects/strongswan/wiki/LoadTests and i am using
eap.

Regards,
Naren
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20111012/251f621d/attachment.html>


More information about the Users mailing list