Date: Sun, 2 May 2021 16:08:18 +0300 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Mark Johnston <markj@freebsd.org>, =?UTF-8?Q?=c3=96zkan_KIRIK?= <ozkan.kirik@gmail.com> Cc: FreeBSD Net <freebsd-net@freebsd.org> Subject: Re: IPsec performace - netisr hits %100 Message-ID: <50cfc0e6-5cc6-7004-2566-bc06428d4394@yandex.ru> In-Reply-To: <YIxpdL9b6v8%2BN%2BLg@nuc> References: <CAAcX-AF=0s5tueCuanFKkoALNkRnWJ-8QrzfCqSu=ReoWvqMug@mail.gmail.com> <YIxpdL9b6v8%2BN%2BLg@nuc>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --NSOW9Ri3VPfy3up6qZQwXjwHxiszOoES5 Content-Type: multipart/mixed; boundary="6gJvw4Rnr7QpXaiyFsxtb5WniHvp3jCZA"; protected-headers="v1" From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Mark Johnston <markj@freebsd.org>, =?UTF-8?Q?=c3=96zkan_KIRIK?= <ozkan.kirik@gmail.com> Cc: FreeBSD Net <freebsd-net@freebsd.org> Message-ID: <50cfc0e6-5cc6-7004-2566-bc06428d4394@yandex.ru> Subject: Re: IPsec performace - netisr hits %100 References: <CAAcX-AF=0s5tueCuanFKkoALNkRnWJ-8QrzfCqSu=ReoWvqMug@mail.gmail.com> <YIxpdL9b6v8+N+Lg@nuc> In-Reply-To: <YIxpdL9b6v8+N+Lg@nuc> --6gJvw4Rnr7QpXaiyFsxtb5WniHvp3jCZA Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable 30.04.2021 23:32, Mark Johnston =D0=BF=D0=B8=D1=88=D0=B5=D1=82: > Second, netipsec unconditionally hands rx processing off to netisr > threads for some reason, that's why changing the dispatch policy doesn'= t > help. Maybe it's to help avoid running out of kernel stack space or to= > somehow avoid packet reordering in some case that is not clear to me. = I > tried a patch (see below) which eliminates this and it helped somewhat.= > If anyone can provide an explanation for the current behaviour I'd > appreciate it. Previously we have reports about kernel stack overflow during IPsec processing. In your example there is only one IPsec transform is configured, but it is possible to configure several in the bundle, AFAIR, it is limited to 4 transforms. E.g. if you configure ESP+AH - it is bundle of two transforms and this will grow kernel stack requirements.= --=20 WBR, Andrey V. Elsukov --6gJvw4Rnr7QpXaiyFsxtb5WniHvp3jCZA-- --NSOW9Ri3VPfy3up6qZQwXjwHxiszOoES5 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAmCOpEIFAwAAAAAACgkQAcXqBBDIoXr0 HAgAqLOzhXvJFhDtmv7a+jQKxSZk0r3Fzxwl4n1RB9zLwkNTva0/8iCRE5oyCki/v7v8yxaoIVq5 bz8ptqtKC5UrUcP21RMrCQkGt9Tv3lyvz8U/vGx4wPPMrQVVeOEBN1Tn6/M4cj6+U2Kqe8DcDqNT 05Eb0v7rT3WX+tGIxc1sjNIWgN/CR3AOqitNBKL6yJ/Nnr/lVx8lz3DeTZaCKLVn/sKNlYNqmoWa RxyHFv45/oZvYA8L1mQgtd0rpZE2k1QB69OZnhXzGfrNY5YY46mzTz/M3dX+CCThpyU9911Z5CMd EOz0eWMZJgIhUn5/EjO2aVPgJ3zHyxqyHFpURGg54w== =BM6w -----END PGP SIGNATURE----- --NSOW9Ri3VPfy3up6qZQwXjwHxiszOoES5--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50cfc0e6-5cc6-7004-2566-bc06428d4394>