[strongSwan] Performance issue with 25k IPsec tunnels (using 5.0.4 strongswan and load-tester plugin)

Martin Willi martin at strongswan.org
Thu Oct 24 10:36:54 CEST 2013


> gmpn_addmul_1 function in  libgmp.so.3.4.1 consumes most of the CPU
> cycles on both the Linux systems 

Yes, this was to expect; DH computation is the most expensive task.

> Do I need to use the Libgcrypt instead of GMP library?

Probably that won't help, GMP is likely the fastest DH backend you can
use, see [1].

> 3.72%    charon  libgmp.so.3.4.1    __gmpn_addmul_1

The question is: why is it only eating ~4% of your CPU? Is it the same
percentage on both systems?

You'll have to find out what is limiting your throughput. What changes
if you initiate more aggressively? What is your overall CPU utilization
during testing?

You might also try to to --enable-lock-profiler; during daemon shutdown
it prints the cumulative time waited in each lock to stderr (run with
--nofork). That might give some indication if something is not scaling
as it should.



More information about the Users mailing list