[strongSwan] charon RSA tunnel setup speed hints?

Richard Andrews richard.andrews at symstream.com
Tue Aug 14 01:41:37 CEST 2012

I have rerun my test with 


What I'm finding is an unexpectedly long time interval in what I think
is searching for the peer. In this case about 400ms.

What can I do to make peer lookup more efficient? How is it implemented?

2012-08-14T09:21:24.414328+10:00 s5gw-211 charon: 12[NET] received packet: from[4500] to[4500]
2012-08-14T09:21:24.414358+10:00 s5gw-211 charon: 12[ENC] parsed IKE_AUTH request 1 [ IDi IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(MULT_AUTH) ]
2012-08-14T09:21:24.414368+10:00 s5gw-211 charon: 12[CFG] looking for peer configs matching[C=AU, O=Symstream, OU=RnD, CN=vpngw02.symstream.com]...[C=AU, OU=RnD, O=Symstream, CN=test04038.rnd.symstream.com]
... (other threads running here) ...
2012-08-14T09:21:24.827138+10:00 s5gw-211 charon: 12[CFG] selected peer config 'svc_04042'
2012-08-14T09:21:24.836992+10:00 s5gw-211 charon: 12[CFG]   using trusted certificate "C=AU, OU=RnD, O=Symstream, CN=test04038.rnd.symstream.com"
2012-08-14T09:21:24.842313+10:00 s5gw-211 charon: 12[IKE] authentication of 'C=AU, OU=RnD, O=Symstream, CN=test04038.rnd.symstream.com' with RSA signature successful
2012-08-14T09:21:24.842501+10:00 s5gw-211 charon: 12[IKE] peer supports MOBIKE
2012-08-14T09:21:24.850514+10:00 s5gw-211 charon: 12[IKE] authentication of 'C=AU, O=Symstream, OU=RnD, CN=vpngw02.symstream.com' (myself) with RSA signature successful
2012-08-14T09:21:24.850699+10:00 s5gw-211 charon: 12[IKE] IKE_SA svc_04042[2348] established between[C=AU, O=Symstream, OU=RnD, CN=vpngw02.symstream.com]...[C=AU, OU=RnD, O=Symstream, CN=test04038.rnd.symstream.com] with SPIs: cd9a93663217fceb_i 3995a67a42ae17a2_r*
2012-08-14T09:21:24.851004+10:00 s5gw-211 charon: 12[IKE] scheduling reauthentication in 21504s
2012-08-14T09:21:24.851193+10:00 s5gw-211 charon: 12[IKE] maximum IKE_SA lifetime 21564s
2012-08-14T09:21:24.851663+10:00 s5gw-211 charon: 12[KNL] no local address found in traffic selector
2012-08-14T09:21:24.855155+10:00 s5gw-211 charon: 12[KNL] no local address found in traffic selector
2012-08-14T09:21:24.855334+10:00 s5gw-211 charon: 12[IKE] CHILD_SA svc_04042{2268} established with SPIs c6462264_i cfdda145_o and TS === 
2012-08-14T09:21:24.855621+10:00 s5gw-211 charon: 12[ENC] generating IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) ]
2012-08-14T09:21:24.855962+10:00 s5gw-211 charon: 12[NET] sending packet: from[4500] to[4500]

On Mon, 2012-08-13 at 20:47 +0200, Andreas Steffen wrote:
> Hi Rich,
> IKEv2 spends most of its time (more than 80%) in public key
> computations (DH exchange and RSA signature generation).
> One way to accelerate the generation of the public DH factor
> without compromising security is the strongswan.conf setting
> libstrongswan {
>   dh_exponent_ansi_x9_42 = no
> }
> If you want still more big number acceleration then you
> would need a hardware accelerator with an OpenSSL engine
> interface.
> With more than 2000 tunnels linear search of the IKE SAs
> gets very slow. Read our HOWTO telling you to how to use hash
> tables to speed up the search:
> http://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable
> Best regards
> Andreas
> On 13.08.2012 12:54, Richard Andrews wrote:
> > Hi all
> > 
> > I'm building an M2M application using strongswan with RSA-sig auth. I
> > have a test bed running 5000 tunnels but I'm hitting a bottleneck in
> > tunnel setup speed. I'm only getting about 5 tunnels per second setup
> > (charon > 90% CPU).
> > 
> > What should I be investigating to increase the tunnel setup rate?
> > 
> > What crypto acceleration can charon make use of?
> > 
> > The test setup:
> >  - strongswan-4.6.2 (built from source for 64-bit).
> >  - RSA sig (2048 bit) + modp1024
> >  - Unique RSA key per tunnel wrapped in self-signed cert for convenient
> > ID + pubkey package.
> >  - 64-bit qemu-kvm guest (CentOS 6) is running charon. The host is a 3.2
> > GHz quad core machine.
> > 
> > Kernel level encrypted throughput (AES256) is good for my purposes, but
> > charon is consuming an unexpectedly large amount of CPU time when
> > tunnels are setup. So I'm guessing it's something specific to the RSA
> > calculations as AES seems to fly.
> > 
> > There is no other IO, no swap, running completely from RAM.
> > 
> > --
> >   Rich
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==

More information about the Users mailing list