Date: Fri, 7 Dec 2018 18:40:40 +0300 From: Lev Serebryakov <lev@FreeBSD.org> To: FreeBSD Net <freebsd-net@freebsd.org>, FreeBSD Current <freebsd-current@freebsd.org> Cc: olivier@cochard.me Subject: Re: iflib.tx_abdicate: very strange behavior on incoming IPsec traffic (regression?) Message-ID: <bbd9b871-1e5c-de38-56a3-fef30616811a@FreeBSD.org> In-Reply-To: <93d241ab-abf8-7f9b-7876-ba727ec8fea4@FreeBSD.org> References: <94ec8936-4a66-ee1a-5a38-ee27a4bbfbee@FreeBSD.org> <93d241ab-abf8-7f9b-7876-ba727ec8fea4@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --TdfCbLHs8qMB1P1NzASTtIfev3QbrBW56 Content-Type: multipart/mixed; boundary="kcXWFDL3Tr7tv2Kf4ehp2U6RzU6Ck2Arb"; protected-headers="v1" From: Lev Serebryakov <lev@FreeBSD.org> Reply-To: lev@FreeBSD.org To: FreeBSD Net <freebsd-net@freebsd.org>, FreeBSD Current <freebsd-current@freebsd.org> Cc: olivier@cochard.me Message-ID: <bbd9b871-1e5c-de38-56a3-fef30616811a@FreeBSD.org> Subject: Re: iflib.tx_abdicate: very strange behavior on incoming IPsec traffic (regression?) References: <94ec8936-4a66-ee1a-5a38-ee27a4bbfbee@FreeBSD.org> <93d241ab-abf8-7f9b-7876-ba727ec8fea4@FreeBSD.org> In-Reply-To: <93d241ab-abf8-7f9b-7876-ba727ec8fea4@FreeBSD.org> --kcXWFDL3Tr7tv2Kf4ehp2U6RzU6Ck2Arb Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 07.12.2018 18:02, Lev Serebryakov wrote: >> (I'm not sure, that it is exactly "bug" or "defect" and want to > ... discuss it here before filing PR. >=20 >> Now I'm throwing IPsec into mix. All incoming traffic is tunneled wit= h >> IPsec policy, with aes-128-gcm encryption. And with IPsec tx_abdicate >> makes thing much worse and much more unstable. > I could say, that it doesn't matter, if I using IPsec with "tunnel" > policy to encrypt and tunnel transit traffic or if I add "gif" into mix= > and encrypt GIF traffic in "transport" mode. In both cases tx_abdicate > makes PPS much lower. And one more datapoint: if I'm using "null" cipher (so, IPsec is in play, but no real encryption is performed) losses in packet rate are about 50% from turning on tx_abdicate. It is worst-case scenario. And if I have outbound traffic (traffic is received without IPsec processing and sent with IPsec processing on other interface) I have noticeable gains, up to 15% in packets per second and bandwidth. So, lookslike tx_abdicate works well when it is applied to non-IPsec-processed traffic. --=20 // Lev Serebryakov --kcXWFDL3Tr7tv2Kf4ehp2U6RzU6Ck2Arb-- --TdfCbLHs8qMB1P1NzASTtIfev3QbrBW56 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE+W0coLX0MYtnSzMK6rA8WL/cR48FAlwKlHhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEY5 NkQxQ0EwQjVGNDMxOEI2NzRCMzMwQUVBQjAzQzU4QkZEQzQ3OEYACgkQ6rA8WL/c R4+/KBAAnewTJ2lxyYFYcQsvUFEyepxL+nVpWvS0BvXxHdgfrJAO/9zVHQT1fDF0 KSYgR97Z7yWVZBSkwxTiD73pgCUH6JGxuA+WscacAedVvS9bHogj0stW8+6ecb8Z dM/s8jBxfPaS6GhnCgJiPPyVU1lufe9AuCORYFinihXEPjzI7Wx0EI0AeKV2jqUB fVwimtsa3eLqtEDOfiuXGDy1Y6Pm7UK5LlrGeKhG9I3/rT7rMTSeuou0yy9IeIMX 7sgxmFSWKqbCKTB3rgeV/6y4VnlTPaQ5rQ1UVnKJdKs5XQKQJAxUhj//essnXb06 I5RovO/n0a5Sx/Jetqf9i/BXDuDWtDMOKKEhJlU3hwsK/cCaf8NLFIQEz2Mlm5dE 3W2BR1Sm+yOGU9PkVyribt/CKL6TqFoKg0h0/IUKTsbG0OhBXUJw8zE8+Eh7RKTe qBblaNpbQzWVAQtdisrZWE3FW90bmSQuEvOrnRpxBBmuiA33+l5gJmKVEWIIZubT iCH48+XugsTRhg0mEdXmOfvjptY4vtqHYcprZGUTQxttVYMbU7IiqM4+u1LfPr7b VnYI5kkPaSL7h/DYVBokSHffJ1NKZHizxU29U2hle9WP3dxnRYOuyD4b8qNLlpBW zwyWN35JNEDdVQEPJ+sxdZ+harYZ2XNmyhe8ZjXWvrsX1uPWTuk= =pGNS -----END PGP SIGNATURE----- --TdfCbLHs8qMB1P1NzASTtIfev3QbrBW56--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bbd9b871-1e5c-de38-56a3-fef30616811a>