[strongSwan] Strongswan 5.1.3: traffic processing spans to only one core in a multi-core environment
sahmed at adax.co.uk
Fri Jul 11 17:15:41 CEST 2014
I am currently using 'esp=aes128gcm16' based encryption and seeing
improvement in throughput. The authentication is based on x.509
certificates and the server CPU has 'aes' flag enabled.
I am following this link below as a reference on performance measurement
done by Intel.
Where 2Gbps could be achieved with single core using AES-NI-GCM crypto
Can you please give me a bit of guideline on to get this much
throughput, if I would need to take any further configuration
option/trick into account.
Your response would be highly appreciated.
Shahreen Noor Ahmed
Network Support Department
Adax Europe Ltd
e-mail: sahmed at adax.co.uk
Direct line: +44(0)118 952 2804
On 09/07/2014 16:47, Shahreen Ahmed wrote:
> Hi Martin,
> In my setup I used AES-128 encryption with pre-shared key based
> On the following hashed mark point, can you please give me a bit more
> detail about how should we make the following into effect i,e enabling
> AES-NI or AES-GCM? Should we do it using ipsec.conf config files or we
> need something else?
> AES-NI is quite powerful and should allow you to increase your
> throughput. However, running AES in GCM mode is preferable, as using a
> traditional HMAC integrity function could become the bottleneck
> Shahreen Noor Ahmed
> Network Support Department
> Adax Europe Ltd
> url: www.adax.com
> e-mail: sahmed at adax.co.uk
> Direct line: +44(0)118 952 2804
> On 02/07/2014 10:56, Martin Willi wrote:
>>> By stressing with traffic it seems I can achieve maximum 43% line rate
>>> for larger Pkt size (1400b) and only 28% line rate for smaller packet
>>> size (256b).
>>> Looking at the top output it seems that only 1 core is occupied and
>>> reaches to 100% of consumption.
>> This is what to expect, and has been discussed a few times, for example
>> at .
> Users mailing list
> Users at lists.strongswan.org
More information about the Users