From owner-freebsd-net@FreeBSD.ORG Thu Apr 23 23:28:46 2015 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0F619A40 for ; Thu, 23 Apr 2015 23:28:46 +0000 (UTC) Received: from forward5l.mail.yandex.net (forward5l.mail.yandex.net [IPv6:2a02:6b8:0:1819::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Certum Level IV CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C0E1D125C for ; Thu, 23 Apr 2015 23:28:45 +0000 (UTC) Received: from smtp3h.mail.yandex.net (smtp3h.mail.yandex.net [IPv6:2a02:6b8:0:f05::117]) by forward5l.mail.yandex.net (Yandex) with ESMTP id 6EB71C410E3; Fri, 24 Apr 2015 02:28:34 +0300 (MSK) Received: from smtp3h.mail.yandex.net (localhost [127.0.0.1]) by smtp3h.mail.yandex.net (Yandex) with ESMTP id D71621B47EF3; Fri, 24 Apr 2015 02:28:33 +0300 (MSK) Received: from unknown (unknown [2a02:6b8:0:6::a8]) by smtp3h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O1shYZ0keC-SXhaMRJ7; Fri, 24 Apr 2015 02:28:33 +0300 (using TLSv1.2 with cipher AES128-SHA (128/128 bits)) (Client certificate not present) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1429831713; bh=k+yQdFpVajCGreBbVdGSKYASARWBkZi9vgBo0kmCbQw=; h=Message-ID:Date:From:User-Agent:MIME-Version:To:Subject: References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=pvhFrN9Kb0votHEkqZIPAuQADMmuvJ4SCdnC4VPuVTpNV39M7ZRizMv+gwfhS8+on jC/b9YSv/FDl8FhUhI3JA3ZkREs7uumMhKzG1YHtqAlqgAaMQi87Z6WKYuY7S8Tl5A Y7bJQvnB+fHHfaI+ezn7ijdBP0H3NRcMkV1/+khc= Authentication-Results: smtp3h.mail.yandex.net; dkim=pass header.i=@yandex.ru Message-ID: <55397FB3.6080702@yandex.ru> Date: Fri, 24 Apr 2015 02:26:43 +0300 From: "Andrey V. Elsukov" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: Sydney Meyer , freebsd-net@freebsd.org Subject: Re: IPSec Performance under Xen References: In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Apr 2015 23:28:46 -0000 On 24.04.2015 01:00, Sydney Meyer wrote: > Hello, > > I have set up 2 VM's under Xen running each one IPSec-Endpoint. > Everything seems to work fine, but (measured with benchmarks/iperf) > the performance drops from ~10 Gb/s on a non-IPSec-Kernel to ~200 > Mb/s with IPSec compiled in, regardless of whether actually using > IPSec or not. Can you test this patch to see the difference? It isn't a fix. It is just to see how will help avoiding of PCB check. --- ip_output.c (revision 281867) +++ ip_output.c (working copy) @@ -482,7 +482,7 @@ again: sendit: #ifdef IPSEC - switch(ip_ipsec_output(&m, inp, &flags, &error)) { + switch(ip_ipsec_output(&m, NULL, &flags, &error)) { case 1: goto bad; case -1: -- WBR, Andrey V. Elsukov