[strongSwan] Using multiple UDP sockets with SO_REUSEPORT option to increase high connection rate

Martin Willi martin at strongswan.org
Mon Mar 24 11:46:13 CET 2014


> From the above statistics, it just means that Receiver thread (of
> Charon daemon at IKE Responder end) is not reading the socket fast
> enough.

Of course. If your system under test is overloaded (by plain CPU power,
or due to locking bottlenecks), it will reduce the rate it receives from
the socket as well. This is fine, as just reading in packets that the
system can't handle doesn't help. Better drop it early, and process a
retransmit the initiator sends anyway.

In my test, the receiver function receive_packets() consumes way less
than 1% of the burned CPU cycles. So I really don't think there is a
bottleneck related to this thread.

> Here goes the output of "ipsec statusall" at IKE
> responder end during test?

> worker threads: 24 of 32 idle, 6/2/0/0 working, job queue: 0/2/0/0, scheduled: 37639

If this has been captured during your maximum load, there is indeed
something wrong. And you didn't specify any job priority?

Can you identify an operation that could be a bottleneck? Where go the
used CPU cycles to (excluding blocking operations, such as condvar

Have you tried --enable-lock-profiler to find locked sections blocking

