[strongSwan] Maximizing throughput / kernel bottlenecks

Martin Willi martin at strongswan.org
Fri Apr 1 07:30:50 CEST 2016


> There is no appreciable load on any of the systems
> during throughput testing.

Please note that IPsec is usually processed in soft IRQ, so have a look
at the "si" field in top. If you are CPU bound, "perf" is very powerful
in analyzing the bottleneck on productive systems. If you are not CPU
bound, something else is probably wrong (packet loss, etc.).

> I've read that aes-gcm has been built to scale to 10ge and 40ge,

It has, but saturating such links definitely requires hardware support.

> Does anyone else have experience with higher throughput on
> their IPsec tunnels, whether or not utilizing aes-gcm?

If your CPU has AESNI/CLMUL support, depending on your CPU you should
at least get close to saturating a Gigabit link, even if using a single
core only.

If you have multiple tunnels, a NIC with multiple hardware queues can
share the load to more cores; if not pcrypt is an option.

With traditional algorithms you should achieve around 200-400Mbit, so
you should go for AES-GCM if your hardware supports it (make sure to
have rfc4106-gcm-aesni in /proc/crypto). Alternatively, you might give
the newer chacha20poly1305 AEAD a try; it provides good performance in
software, and even better performance with SSE2/AVX2 (since Linux 4.3).
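Added example, not part of the original thread: a small POSIX shell check for the three things Martin points at, the "si" share of CPU time, the AESNI/CLMUL flags, and the rfc4106-gcm-aesni driver in /proc/crypto. It assumes the usual /proc/cpuinfo "flags" line, the /proc/crypto "driver :" records, and that field 8 of the aggregate "cpu" line in /proc/stat is softirq; each function reads one file's text on stdin so it can be fed the constructed samples on a machine without those files.

```shell
#!/bin/sh
# Added example (not from the original post). Reads /proc-style text on stdin.

# crypto_has_driver DRIVER: succeed if the /proc/crypto text registers it,
# e.g. rfc4106-gcm-aesni (AES-GCM through the aesni_intel module).
crypto_has_driver() {
    grep -q "^driver[[:space:]]*: $1\$"
}

# cpu_has_flag FLAG: succeed if the "flags" line of /proc/cpuinfo has FLAG.
# aes and pclmulqdq are the AESNI/CLMUL flags; avx2 helps chacha20poly1305.
cpu_has_flag() {
    grep '^flags' | grep -qE "(^| )$1( |\$)"
}

# softirq_pct: percentage of total CPU time spent in soft IRQ, from the
# aggregate "cpu" line of /proc/stat (cumulative since boot; field 8 is
# softirq under the assumed layout). top's "si" shows the same quantity
# per refresh interval.
softirq_pct() {
    awk '/^cpu / { total = 0; for (i = 2; i <= NF; i++) total += $i
                   printf "%d\n", (total ? 100 * $8 / total : 0); exit }'
}

# Constructed samples (not captured from a real host) for self-checking.
SAMPLE_CRYPTO='name         : rfc4106(gcm(aes))
driver       : rfc4106-gcm-aesni
module       : aesni_intel'
SAMPLE_CPUINFO='flags		: fpu sse2 aes pclmulqdq avx2'
SAMPLE_STAT='cpu  100 0 100 600 0 0 200 0 0 0'

# report: live status on a Linux host with the /proc files readable.
report() {
    if crypto_has_driver rfc4106-gcm-aesni < /proc/crypto; then
        echo "AES-GCM: accelerated driver rfc4106-gcm-aesni present"
    else
        echo "AES-GCM: rfc4106-gcm-aesni missing, expect software AES"
    fi
    for flag in aes pclmulqdq avx2; do
        if cpu_has_flag "$flag" < /proc/cpuinfo; then
            echo "cpu flag $flag: yes"
        else
            echo "cpu flag $flag: no"
        fi
    done
    echo "soft IRQ share of CPU time since boot: $(softirq_pct < /proc/stat)%"
}

if [ -r /proc/crypto ] && [ -r /proc/cpuinfo ] && [ -r /proc/stat ]; then
    report
fi
```

A low "si" share together with a throughput ceiling points away from the crypto path and toward packet loss or NIC queueing, which is the case Martin describes as "something else is probably wrong".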

