Date: Fri, 24 Apr 2015 03:06:39 +0200 From: Sydney Meyer <meyer.sydney@googlemail.com> To: freebsd-net@freebsd.org Subject: Re: IPSec Performance under Xen Message-ID: <A10060B0-49B9-420F-8A95-A132E0CBCA5E@gmail.com> In-Reply-To: <553995A6.60603@FreeBSD.org> References: <CF189888-FD6B-4407-8360-56206D49DD6D@gmail.com> <55397FB3.6080702@yandex.ru> <079851FA-50AC-47E8-B4BE-D97DE4C185B5@gmail.com> <553995A6.60603@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
You're right.. strongswan fails/hangs with: initiating IKE_SA host-host[1] to 10.0.30.66 generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) = N(HASH_ALG) ] sending packet: from 10.0.30.114[500] to 10.0.30.66[500] (1148 bytes) received packet: from 10.0.30.66[500] to 10.0.30.114[500] (456 bytes) parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) = N(HASH_ALG) N(MULT_AUTH) ] authentication of 'sun.strongswan.org' (myself) with pre-shared key establishing CHILD_SA host-host generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH = N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) = N(EAP_ONLY) ] sending packet: from 10.0.30.114[4500] to 10.0.30.66[4500] (444 bytes) retransmit 1 of request with message ID 1 sending packet: from 10.0.30.114[4500] to 10.0.30.66[4500] (444 bytes) retransmit 2 of request with message ID 1 sending packet: from 10.0.30.114[4500] to 10.0.30.66[4500] (444 bytes) .. S. > On Apr 24, 2015, at 03:00, Andrey V. Elsukov <ae@FreeBSD.org> wrote: >=20 > On 24.04.2015 03:55, Sydney Meyer wrote: >> Andrey, >>=20 >> with your patch applied the performance drop while using the >> IPSEC-enabled kernel without doing actual IPSec traffic seems to be >> gone. >>=20 >> I haven't tested IPSec itself yet, as i had to start from scratch >> with new VM's but i will set up a IPSec connection and report back. >=20 > Thank you. But I think something will not work if you try it with = IPSec. > Probably if you use some IKE software, it will not work with this = patch. >=20 > --=20 > WBR, Andrey V. Elsukov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A10060B0-49B9-420F-8A95-A132E0CBCA5E>