[strongSwan] Repetitive "ignoring request with ID , already processing" message in high load

Vahid Ashrafian vahid.arn at gmail.com
Thu Jun 25 12:38:09 CEST 2015


I need to test IPSec VPN on a powerful server with an Intel "E5-2650 v2" CPU
and a 10Gbps network link.
In the test, when the number of users (connections) reaches over 3000 or 4000
(simultaneously), network bandwidth starts to decrease and we have lots of
logs like "ignoring request with ID 1, already processing".
One thing I checked is that the start of the rekeying process is related to
this problem, since it puts more load on the system, so I tried to
increase the key lifetime and rekeying margin to get a smoother distribution
of the rekeying process, but that didn't help enough.

I can also simulate the same log (ignoring request ...) by applying much more
connection load (five times).

I need to mention that CPU usage never exceeds 20% at any time. I also
optimized some kernel parameters to support this load (sysctl, etc.) and
some strongSwan parameters like the number of charon threads and

Do you know what limitations can cause such a problem?
