[strongSwan] Parallelism in ESP userspace processing?
Alexander Sbitnev
alexander.sbitnev at gmail.com
Tue Sep 16 10:27:13 CEST 2014
You mean that for multiple ESP SA there can be multiple working thread
involved?
Performance is critical as usual, but not a priority and userspace with
its portability is much more critical for me.
I suppose it is possible to add dispersal of incoming packets with one
ESP SA across multiple workers.
I will try to dig if it possible to make patch in future. Just asked
about heads-up for right now. Thanks Martin for your replay.
On 16.09.2014 11:42, Martin Willi wrote:
> Hi,
>
>> For kernel space there is only one thread in ordinary case. But is there
>> anything different for userspace backend?
> No, our libipsec userspace IPsec backend currently uses a single thread
> in each flow direction.
>
> If performance is critical, you certainly should use a kernel based
> IPsec backend. It avoids moving packets between kernel and userspace. If
> parallelism is required on Linux, you may have a look at the pcrypt
> mechanism.
>
> Regards
> Martin
>
More information about the Users
mailing list