Date: Thu, 17 Oct 2019 17:23:55 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: Victor Gamov <vit@otcnet.ru>, freebsd-net@freebsd.org Subject: Re: ipsec on multicore VM Message-ID: <60e6d692-ed74-9aa3-98b0-24d13eb61be7@grosbein.net> In-Reply-To: <b2d9de74-294d-9a9c-cd8f-8b294776a7f3@otcnet.ru> References: <b2d9de74-294d-9a9c-cd8f-8b294776a7f3@otcnet.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
09.10.2019 2:05, Victor Gamov wrote: > I have FreeBSD 11.2-STABLE #0 r343863 VM with 2 CPU and vxnet3 NIC. This host uses many if_ipsec and strongswan-5.7.2 to make site-to-site ipsec connections. > > When I use `tcpdump -nn -i <ext_iface> src <site1_ext_ip> and esp` then I got many reordered IPsec packets. > > Does tcpdump give me a real picture and I have reordering somewhere "on the wire" or packets may be reordered due more then one CPU read packets from NIC ? You may easily verify your suspiction disabling SMP inside the guest system temporary: nextboot -k kernel echo kern.smp.disabled=1 >> /boot/nextboot.conf shutdown -r now This way, the system will perform one-time boot with all cores but one disabled. Should it experience any problems booting this way, another reset of the VM will boot it normally, otherwise try running tcpdump while single CPU is used by kernel.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?60e6d692-ed74-9aa3-98b0-24d13eb61be7>