Date: Sun, 8 Dec 2013 20:02:42 +0100 From: =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= <olivier@cochard.me> To: Eitan Adler <lists@eitanadler.com> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, Robert Millan <rmh@debian.org>, "debian-bsd@lists.debian.org" <debian-bsd@lists.debian.org> Subject: Re: IPSEC Message-ID: <CA%2Bq%2BTcrSZitbJkPJFO501O1MVWe8o2o%2BP_S_a3q21NdPtSGewQ@mail.gmail.com> In-Reply-To: <CAF6rxgntjNFdr8unFQC=OWCNs7-UDYJaE30v4heWh_EeOg1JGA@mail.gmail.com> References: <523457A1.3090606@debian.org> <CAF6rxgntjNFdr8unFQC=OWCNs7-UDYJaE30v4heWh_EeOg1JGA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Dec 8, 2013 at 12:16 AM, Eitan Adler <lists@eitanadler.com> wrote: > Hi all, > > I understand this is an old thread but I do not see an answer here. > Can anyone answer the question below? > > On Sat, Sep 14, 2013 at 8:33 AM, Robert Millan <rmh@debian.org> wrote: >> >> Hi! >> >> Is there any particular reason (performance, stability concerns...) >> IPSEC support is not enabled in GENERIC? >> >> In Debian GNU/kFreeBSD we're considering enabling it in our default >> builds, due to increased user demand and as it is already enabled for >> our Linux-based flavours. >> >> However we're concerned about diverging from FreeBSD as there might be >> unforeseen consequences. Is there any specific concern on your side? >> >> If not, perhaps it could be considered for HEAD after 10.0 release? > > Here are my own bench result regarding forwarding speed (paquet-per-second) with a kernel compiled without-ipsec and with ipsec (ipsec is not enabled during the tests, just present on the kernel) of FreeBSD 10.0-PRERELEASE: ministat -s without-ipsec ipsec x without-ipsec + ipsec +--------------------------------------------------------------------------------+ |x + x + +x x x + +| | |__________________A_____M____________| | | |_______________M_________A__________________________| | +--------------------------------------------------------------------------------+ N Min Max Median Avg Stddev x 5 1646075 1764528 1725461 1713080 44560.059 + 5 1685034 1833206 1724461 1748666.8 62356.218 No difference proven at 95.0% confidence I didn't see negative impact of enabling ipsec (it's even a little bit better with it). Regards, Olivier
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2Bq%2BTcrSZitbJkPJFO501O1MVWe8o2o%2BP_S_a3q21NdPtSGewQ>