[strongSwan] Regarding Load testing problems..
Martin Willi
martin at strongswan.org
Wed Oct 12 10:25:36 CEST 2011
Hi,
> i tried with 1000 tunnels i.e. with initiator 5 and iterations 200 and
> delay 100ms. In this i got around 900 tunnels out of 1000 !!!!
Probably one of your peers gets overloaded and can't handle all
connection requests. Pakets get lost, and some tunnels can't establish
at all. Try to increase the delay.
> Does this has something to do with ikesa_table_size and
> ikesa_table_segments ???.
Not directly, but for many thousand IKE_SAs you'll have to tune your
ikesa_table to get good performance.
> Also in the client side where the load test is initiated, even though
> tunnels are getting created the Security Associations were NONE !!!!
> when i give ipsec satusall
> leftsubnet=0.0.0.0/0
> rightsubnet=10.63.0.0/16
The load tester plugin currently does not support subnets, but only
host-to-host (or host-to-virtual-ip) configurations. You'll have to
extend the plugin if you'd like to test against such a config.
Regards
Martin
More information about the Users
mailing list