[strongSwan] Performance issue with 25k IPsec tunnels (using 5.0.4 strongswan and load-tester plugin)
Martin Willi
martin at strongswan.org
Thu Oct 24 10:36:54 CEST 2013
Hi,
> gmpn_addmul_1 function in libgmp.so.3.4.1 consumes most of the CPU
> cycles on both the Linux systems
Yes, this was to expect; DH computation is the most expensive task.
> Do I need to use the Libgcrypt instead of GMP library?
Probably that won't help, GMP is likely the fastest DH backend you can
use, see [1].
> 3.72% charon libgmp.so.3.4.1 __gmpn_addmul_1
The question is: why is it only eating ~4% of your CPU? Is it the same
percentage on both systems?
You'll have to find out what is limiting your throughput. What changes
if you initiate more aggressively? What is your overall CPU utilization
during testing?
You might also try to to --enable-lock-profiler; during daemon shutdown
it prints the cumulative time waited in each lock to stderr (run with
--nofork). That might give some indication if something is not scaling
as it should.
Regards
Martin
[1]http://wiki.strongswan.org/projects/strongswan/wiki/PublicKeySpeed
More information about the Users
mailing list