[strongSwan] Retransmission issue under high load

Chinmaya Dwibedy ckdwibedy at yahoo.com
Mon Mar 10 11:48:11 CET 2014


Hi All,
I am running with 200k IPsec tunnels. Although it can bring
up all those tunnels successfully, I find, there are lots of retransmissions in
charon.log. 
Jan 1 00:10:29 56[IKE] retransmit 1 of request with message
ID 0 (IKE Initiator)
Jan 1 00:10:45 49[IKE] received retransmit of request with
ID 0, retransmitting response (IKE Responder)
I know, these are certainly considered to be bad.  Checked the CPU usage of Charon daemon at IKE
responder end (through top –p <PID of Charon daemon>) and found to be
less than 10% (mostly). Upon profiling it shows that, most of the time it
spends in pthread_mutex_lock ().  Note, I
have set the retransmit_timeout and retransmit_tries to 60 seconds and 30 times
respectively, which is a quite bug. Can anyone please guide/suggest what might be
the issue?
 
Regards,
Chinmaya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140310/ca45ddff/attachment.html>


More information about the Users mailing list