Date: Sun, 12 May 2019 06:54:04 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 128030] [ipsec] Enable IPSec in GENERIC kernel configuration Message-ID: <bug-128030-7501-NBoM8z3IE7@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-128030-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-128030-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D128030 --- Comment #30 from Kubilay Kocak <koobs@FreeBSD.org> --- Author: gallatin Date: Thu May 9 22:38:15 2019 New Revision: 347410 URL: https://svnweb.freebsd.org/changeset/base/347410 Log: Remove IPSEC from GENERIC due to performance issues Having IPSEC compiled into the kernel imposes a non-trivial performance penalty on multi-threaded workloads due to IPSEC refcounting. In my benchmarks of multi-threaded UDP transmit (connected sockets), I've seen a roughly 20% performance penalty when the IPSEC option is included in the kernel (16.8Mpps vs 13.8Mpps with 32 senders on a 14 core / 28 HTT Xeon 2697v3)). This is largely due to key_addref() incrementing and decrementing an atomic reference count on the default policy. This cause all CPUs to stall on the same cacheline, as it bounces between different CPUs. Given that relatively few users use ipsec, and that it can be loaded as a module, it seems reasonable to ask those users to load the ipsec module so as to avoid imposing this penalty on the GENERIC kernel. Its my hope that this will make FreeBSD look better in "out of the box" benchmark comparisons with other operating systems. Many thanks to ae for fixing auto-loading of ipsec.ko when ifconfig tries to configure ipsec, and to cy for volunteering to ensure the the racoon ports will load the ipsec.ko module Reviewed by: cem, cy, delphij, gnn, jhb, jpaetzel Differential Revision: https://reviews.freebsd.org/D20163 Modified: head/UPDATING head/sys/amd64/conf/GENERIC head/sys/arm/conf/std.armv6 head/sys/arm/conf/std.armv7 head/sys/arm64/conf/GENERIC head/sys/i386/conf/GENERIC head/sys/powerpc/conf/GENERIC head/sys/powerpc/conf/GENERIC64 head/sys/riscv/conf/GENERIC head/sys/sparc64/conf/GENERIC --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-128030-7501-NBoM8z3IE7>