[strongSwan] A bug of nat-virtua-ip ?
martin at strongswan.org
Fri Jun 1 14:10:11 CEST 2012
> moon :
> cpu: 333 MHz PowerPC
> Then the client alice send the udp packets of 100 bytes length every
> 10 microseconds with about 10 threads at one time. Under these
> circumstances, the idle of moon's CPU would be less than 10%, even
> 0% .
10 * 100 bytes / 0.00001s = 100MB/s
If you are really sending this much traffic, your embedded CPU is
clearly overloaded, I don't think it can handle 100MB/s IPsec traffic.
> The second experiment, I used the same hardware platform to set up a
> environment which just set up the NAT and open the ip_forward in the
> moon. And the udp packets of alice sent out to the gateway sun only
> through the NAT of moon. The result is that the idle of moon's CPU
> would be more than 95% all the time
Did you have any IPsec processing in the first or second experiment? Are
you sure that you have measured this correctly? I don't think that your
CPU can handle much more than 1MB/s with 5% CPU load...
More information about the Users