[strongSwan] Big packet loss under load

Martin Willi martin at strongswan.org
Thu May 15 14:27:58 CEST 2014

Hi Roland,

> These processes initiate a few hundred sockets between VMs and generate
> some (reasonable) CPU load.

Can you quantify this in more detail? What is the overall bandwidth used
by that traffic?

How much is that CPU load? Please be aware that usually Linux handles
IPsec processing in the softirq routine of your NIC, i.e. is bound to a
single CPU core. The "si" column in "top" is usually a good indicator
how much load you actually have.

Is there any flow control (TCP) involved for that traffic, or are these
processes just hammering out packets?

> I tried generating big traffic between phys* (by sending lots of data
> from vm15 to vm25 and back, using netcat), but even with 50 MB/s going
> across and back, I can't see any packet loss 

When using netcat with TCP, flow control takes care that packet loss is
minimal. You may try to switch to iperf with some larger UDP bandwidths
to check if you can reproduce these losses. Also, if you have a few
hundred sockets some special Netfiltering/Conntracking may slow things
down compared to a single TCP stream?
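
The per-core softirq check suggested in the message above, as an added example that is not part of the original post: an aggregate "si" figure can average away one saturated core, so this computes the softirq share of each core between two `/proc/stat` snapshots. The function names and the constructed snapshot values in `demo` are assumptions made for illustration.

```shell
#!/bin/sh
# Per-core softirq share between two /proc/stat snapshots (added example).

# softirq_share BEFORE AFTER -> prints "cpuN <percent>" for every core
softirq_share() {
    awk '
        $1 !~ /^cpu[0-9]+$/ { next }   # skip the aggregate "cpu" line and non-CPU rows
        {
            total = 0
            for (i = 2; i <= 9; i++) total += $i   # user..steal; guest is already in user
        }
        FNR == NR { t0[$1] = total; s0[$1] = $8; next }   # first file: store the baseline
        {
            dt = total - t0[$1]; ds = $8 - s0[$1]          # $8 is the softirq counter
            printf "%s %d\n", $1, (dt > 0 ? int(100 * ds / dt + 0.5) : 0)
        }
    ' "$1" "$2"
}

# hot_cores BEFORE AFTER THRESHOLD -> cores whose softirq share is >= THRESHOLD percent
hot_cores() {
    softirq_share "$1" "$2" | awk -v th="$3" '$2 >= th { print $1 }'
}

# sample_live SECONDS THRESHOLD -> snapshot the running system twice (Linux only)
sample_live() {
    dir=$(mktemp -d) || return 1
    cat /proc/stat > "$dir/before"; sleep "$1"; cat /proc/stat > "$dir/after"
    hot_cores "$dir/before" "$dir/after" "$2"
    rm -rf "$dir"
}

# demo: constructed snapshots in which cpu0 is busy in softirq and cpu1 is not
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'cpu  200 0 100 1640 0 0 60 0 0 0' \
        'cpu0 100 0 50 800 0 0 50 0 0 0' 'cpu1 100 0 50 840 0 0 10 0 0 0' > "$dir/before"
    printf '%s\n' 'cpu  260 0 130 1678 0 0 132 0 0 0' \
        'cpu0 110 0 60 810 0 0 120 0 0 0' 'cpu1 150 0 70 868 0 0 12 0 0 0' > "$dir/after"
    softirq_share "$dir/before" "$dir/after"
    rm -rf "$dir"
}
```

Source the file and call `sample_live 5 80` on the IPsec gateway while the workload is running; the 5-second window and 80 percent threshold are arbitrary starting values.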

