Date: Thu, 2 Jul 2015 08:12:35 +0200 From: =?UTF-8?Q?Ermal_Lu=C3=A7i?= <eri@freebsd.org> To: Zhihao Yuan <lichray@gmail.com> Cc: freebsd-net <freebsd-net@freebsd.org> Subject: Re: strongswan ikev2 slow on FreeBSD (DigitalOcean) Message-ID: <CAPBZQG1Q8=du8k419b-zxmM1jp3eKQcbGiRdVcmbXASkkuWOSw@mail.gmail.com> In-Reply-To: <CAGsORuDcZz1Yq7rC4yQRT11ZyjPAq34txG9J%2Bh43mJ29L54w9w@mail.gmail.com> References: <CAGsORuDcZz1Yq7rC4yQRT11ZyjPAq34txG9J%2Bh43mJ29L54w9w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
AESNI is not hooked yet to the IPsec stack. On Thu, Jul 2, 2015 at 2:42 AM, Zhihao Yuan <lichray@gmail.com> wrote: > It might be hypervisor's problem because they use KVM, but here are > some information I have: > > DO smallest instance. > > > uname -a > FreeBSD megashadow2 10.2-PRERELEASE FreeBSD 10.2-PRERELEASE #3 > r284996: Wed Jul 1 17:58:13 UTC 2015 > freebsd@megashadow2:/usr/obj/usr/src/sys/DOIPSEC amd64 > > cryptotest w/wo -p -- 2Gb/s, 400Mb/s, aesni, cryptodev present. > > strongswan ipsec.conf: > > ike=aes256-sha1-modp1024! > esp=aes256-sha1! > > NAT done through one simple pf rule. > > natstat -inw1 shows no error, no drop, just very small packets (10K-30K) > even > for large data. > > Top two functions in pmcstat -TS instructions -w1 are kernel > rijndaelEncrypt and sha1_step are the top two consuming function, > 10%-20% for each. > > TSO, IPSEC_DEBUG do not matter. > > Boost performance is same as Ubuntu 15 (300kb/s in ssh, downloading to > my laptop), but most of the time is < 100kb/s, and overall speed is > 50% slower. Uploading is good. > > -- > Zhihao Yuan, ID lichray > The best way to predict the future is to invent it. > ___________________________________________________ > 4BSD -- http://bit.ly/blog4bsd > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > -- > Ermal >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPBZQG1Q8=du8k419b-zxmM1jp3eKQcbGiRdVcmbXASkkuWOSw>