[strongSwan] Performance (in)dependent on ingress rate?

nima chavooshi nima0102 at gmail.com
Thu Sep 1 11:47:58 CEST 2011


Hi
I had experienced this behavior with Snort in inline mode. In my test bed, I
sent X megabytes to the Snort machine, and X MB was handled without any delay.
But when I increased the traffic by 2 times, the Snort machine could only
handle X/2!
So I think your information is true.

Thanks

On Thu, Sep 1, 2011 at 1:11 AM, Adam Tisovsky <tisovsky at gmail.com> wrote:

> Hello,
>
> I’m doing some benchmarks of IPsec performance on a Cisco router and I have
> experienced the situation described below. My question is whether anybody
> has performed similar tests on strongSwan and can tell how it behaved.
>
> When you gradually increase the rate of traffic to be secured (using
> UDP as a transport protocol) you reach the maximum possible throughput of
> the device. But when you continue increasing the rate of ingress traffic
> beyond this point, the forwarding rate of the device will decrease. Example:
>
> Max. throughput of the device is 10 Mbps. If the ingress traffic rate is 10 Mbps,
> then the forwarding rate is 10 Mbps. But when the ingress rate is 20 Mbps, you get
> a forwarding rate of only 5 Mbps.
>
> I have experienced this on a Cisco 1841 router with the HW accelerator DISABLED.
> After some investigation I found out that more ingress traffic utilizes the main
> CPU more through interrupts. And interrupts come at the expense of the encryption
> process. Hence the decrease in forwarding rate. With the HW accelerator
> enabled this situation does not occur; the device forwards traffic at the
> maximum rate even if it’s overloaded by the ingress traffic.
>
> I didn’t find any information dealing with this, however I find it quite
> interesting. I’m also planning to do the tests on strongSwan, but it takes
> some time. So any information will be helpful in advance.
>
> Thank you
> Adam