[strongSwan] can large number of TS or xfrm cause slowness

SM K sacho.polo at gmail.com
Thu Dec 4 20:27:38 CET 2014


Hi,

I am running some scalibility tests with ike2 where the responder uses many
traffic selectors (around 35 of them defined in rightsubnet) to narrow down
the client traffic. I see that the responder gets slow and the tests start
failing after say 250 tunnels. If I open up the rightsubnet to 0.0.0.0/0, i
can pump in a tunnels in the thousands. I am debugging this further, but I
would like to know if anyone has experienced something like this. Each of
the subnet in the TS sets up an xfrm policy, and I wonder if it is the xfrm
lookup that is getting slow as the number of tunnels increase.

-smk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141204/bdf21755/attachment.html>


More information about the Users mailing list