[strongSwan] Plugin load-tester
Martin Willi
martin at strongswan.org
Fri Jun 22 11:17:12 CEST 2012
> I noticed that about 50 ms are necessary to establish an IPSec tunnel.
> However when I put a delay of 20 ms, an IKE SA wasn't initiated every
> 20 ms. IKE SAs are initiated one after the other.
"delay" defines the interval each "initiator" triggers the initiation of
an IKE_SA (or to be exact, the sleep duration after sending the first
IKE_SA_INIT packet). So the interval might be a little higher, as the
thread needs some time to form the IKE_SA_INIT.
The time to establish a tunnel is not directly related to it. Instead,
tunnel setup time depends on processing power of your hosts, and of
course the round trip times of all exchanges.
> What about the real significance of the parameter "delay" ? Is it
> relevant only from a certain value ?
No, any value should work. It should allow you to put more load on the
responder to see what the stress limit is. Of course you can't initiate
faster than your client allows, and the "delay" comes to it's limits. It
might help to define additional "initiators" on a machine with multiple
cores, as each uses it's own thread.
Regards
Martin
More information about the Users
mailing list