[strongSwan] Hardware for 1gbp/s
Hose
hose+strongswan at bluemaggottowel.com
Mon Apr 11 19:34:18 CEST 2016
What you say...Fred (curious_freddy at gmsl.co.uk):
>
> What kind of hardware is required to maintain a point to point ipsec link
> with 1gbp/s b/w with Strongswan at each end.
>
> Are there any things/overheads to be aware of from the Strongswan side of
> things? Performance degradation, lower throughput etc as a result of running
> the actual crypto.
>
> Fred.
Good luck with this. Unfortunately no one seems to have any concrete
information (asked about this previously). My testing shows that there's
a bottleneck somewhere between 200-300mb/s most likely in the kernel
somewhere, as throwing more cores and attempting to parallelize it
improves nothing. Those things may help with multiple IPsec tunnels, but
a single tunnel doesn't show any improvement.
This was on Debian 8.3 with various kernels in there
ranging from 3.2 to 3.16; a newer kernel may help, but that's just
speculation.
hose
More information about the Users
mailing list