[strongSwan] Strongswan 5.1.3: traffic processing spans to only one core in a multi-core environment

Shahreen Ahmed sahmed at adax.co.uk
Mon Jun 30 12:17:11 CEST 2014 

Hi there,

I am using Strongswan 5.1.3 tool for a site-site scenario described in 
the following link.

http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/

So my config files resemble to the example files given in the above 
links (except just the IP addresses).

I am trying to do Benchmark on unidirectional traffic so each Ipsec GW 
will either process on encryption/decryption. I am sending UDP traffic 
which is being encrypted as ESP payload in an Intel server whose CPU is 
12 core 2.0 GHz.

By stressing with traffic it seems I can achieve maximum 43% line rate 
for larger Pkt size (1400b) and only 28% line rate for smaller packet 
size (256b).

Looking at the top output it seems that only 1 core is occupied and 
reaches to 100% of consumption.

encryptor:
top - 15:17:49 up 2 days,  5:55,  3 users,  load average: 0.82, 0.74, 0.60
Tasks: 190 total,   2 running, 188 sleeping,   0 stopped, 0 zombie
Cpu0  :  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa, 0.0%hi,  0.0%si,  
0.0%st
Cpu1  :  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa, 0.0%hi,  0.0%si,  
0.0%st
Cpu2  :  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa, 0.0%hi,  0.0%si,  
0.0%st
Cpu3  :  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa, 0.0%hi,  0.0%si,  
0.0%st
Cpu4  :  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa, 0.0%hi,  0.0%si,  
0.0%st
Cpu5  :  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa, 0.0%hi,  0.0%si,  
0.0%st
Cpu6  :  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa, 0.0%hi,  0.0%si,  
0.0%st
Cpu7  :  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa, 0.0%hi,  0.0%si,  
0.0%st
Cpu8  :  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa, 0.0%hi,  0.0%si,  
0.0%st
Cpu9  :  0.0%us,  0.0%sy,  0.0%ni, 98.7%id,  0.0%wa, 0.0%hi,  1.3%si,  
0.0%st
Cpu10 :  0.0%us,  0.0%sy,  0.0%ni,  0.0%id,  0.0%wa, 0.0%hi,*100.0%si,*  
0.0%st
Cpu11 :  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa, 0.0%hi,  0.0%si,  
0.0%st
Mem:   8138304k total,   728788k used,  7409516k free, 189608k buffers
Swap:  8191992k total,        0k used,  8191992k free, 338440k cached

   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM TIME+ COMMAND
    33 root      39  19     0    0    0 R *99.9*  0.0  89:15.55 
ksoftirqd/10
     1 root      15   0 10348  692  584 S  0.0  0.0 0:04.69 init
     2 root      RT  -5     0    0    0 S  0.0  0.0 0:00.70 migration/0

Can you please let us know this is so? How should we make sure that all 
CPU are engaged in this packet processing(encryption or decryption). Is 
there any configuration to be tuned?

Thanks,

-- 

Shahreen Noor Ahmed
Network Support Department
Adax Europe Ltd
url: www.adax.com
e-mail: sahmed at adax.co.uk
Direct line: +44(0)118 952 2804

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140630/971d6d3b/attachment.html>

More information about the Users mailing list