Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 12 May 2019 06:54:04 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 128030] [ipsec] Enable IPSec in GENERIC kernel configuration
Message-ID:  <bug-128030-7501-NBoM8z3IE7@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-128030-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-128030-7501@https.bugs.freebsd.org/bugzilla/>

next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D128030

--- Comment #30 from Kubilay Kocak <koobs@FreeBSD.org> ---
Author: gallatin
Date: Thu May  9 22:38:15 2019
New Revision: 347410
URL: https://svnweb.freebsd.org/changeset/base/347410

Log:
  Remove IPSEC from GENERIC due to performance issues

  Having IPSEC compiled into the kernel imposes a non-trivial
  performance penalty on multi-threaded workloads due to IPSEC
  refcounting. In my benchmarks of multi-threaded UDP
  transmit (connected sockets), I've seen a roughly 20% performance
  penalty when the IPSEC option is included in the kernel (16.8Mpps
  vs 13.8Mpps with 32 senders on a 14 core / 28 HTT Xeon
  2697v3)). This is largely due to key_addref() incrementing and
  decrementing an atomic reference count on the default
  policy. This cause all CPUs to stall on the same cacheline, as it
  bounces between different CPUs.

  Given that relatively few users use ipsec, and that it can be
  loaded as a module, it seems reasonable to ask those users to
  load the ipsec module so as to avoid imposing this penalty on the
  GENERIC kernel. Its my hope that this will make FreeBSD look
  better in "out of the box" benchmark comparisons with other
  operating systems.

  Many thanks to ae for fixing auto-loading of ipsec.ko when
  ifconfig tries to configure ipsec, and to cy for volunteering
  to ensure the the racoon ports will load the ipsec.ko module

  Reviewed by:  cem, cy, delphij, gnn, jhb, jpaetzel
  Differential Revision:        https://reviews.freebsd.org/D20163

Modified:
  head/UPDATING
  head/sys/amd64/conf/GENERIC
  head/sys/arm/conf/std.armv6
  head/sys/arm/conf/std.armv7
  head/sys/arm64/conf/GENERIC
  head/sys/i386/conf/GENERIC
  head/sys/powerpc/conf/GENERIC
  head/sys/powerpc/conf/GENERIC64
  head/sys/riscv/conf/GENERIC
  head/sys/sparc64/conf/GENERIC

--=20
You are receiving this mail because:
You are on the CC list for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-128030-7501-NBoM8z3IE7>