Date: Wed, 1 Jul 2015 19:42:33 -0500
From: Zhihao Yuan <lichray@gmail.com>
To: freebsd-net@freebsd.org
Subject: strongswan ikev2 slow on FreeBSD (DigitalOcean)
Message-ID: <CAGsORuDcZz1Yq7rC4yQRT11ZyjPAq34txG9J%2Bh43mJ29L54w9w@mail.gmail.com>

It might be the hypervisor's problem because they use KVM, but here is
some information I have:

DO smallest instance.

> uname -a
FreeBSD megashadow2 10.2-PRERELEASE FreeBSD 10.2-PRERELEASE #3 r284996: Wed Jul 1 17:58:13 UTC 2015 freebsd@megashadow2:/usr/obj/usr/src/sys/DOIPSEC amd64

cryptotest w/wo -p -- 2Gb/s, 400Mb/s, aesni, cryptodev present.

strongswan ipsec.conf:

    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!

NAT done through one simple pf rule.

netstat -inw1 shows no error, no drop, just very small packets
(10K-30K) even for large data.

The top two functions in pmcstat -TS instructions -w1 are kernel
rijndaelEncrypt and sha1_step, 10%-20% for each.

TSO, IPSEC_DEBUG do not matter.

Boost performance is the same as Ubuntu 15 (300kb/s in ssh, downloading
to my laptop), but most of the time is < 100kb/s, and overall speed
is 50% slower. Uploading is good.

-- 
Zhihao Yuan, ID lichray
The best way to predict the future is to invent it.
___________________________________________________
4BSD -- http://bit.ly/blog4bsd