From: Ermal Luçi
Date: Thu, 2 Jul 2015 08:12:35 +0200
Subject: Re: strongswan ikev2 slow on FreeBSD (DigitalOcean)
To: Zhihao Yuan
Cc: freebsd-net

AESNI is not hooked yet to the IPsec stack.

On Thu, Jul 2, 2015 at 2:42 AM, Zhihao Yuan wrote:

> It might be the hypervisor's problem because they use KVM, but here is
> some information I have:
>
> DO smallest instance.
>
> > uname -a
> FreeBSD megashadow2 10.2-PRERELEASE FreeBSD 10.2-PRERELEASE #3
> r284996: Wed Jul 1 17:58:13 UTC 2015
> freebsd@megashadow2:/usr/obj/usr/src/sys/DOIPSEC amd64
>
> cryptotest w/wo -p -- 2Gb/s, 400Mb/s, aesni, cryptodev present.
>
> strongswan ipsec.conf:
>
> ike=aes256-sha1-modp1024!
> esp=aes256-sha1!
>
> NAT done through one simple pf rule.
>
> natstat -inw1 shows no error, no drop, just very small packets (10K-30K)
> even for large data.
>
> The top two functions in pmcstat -TS instructions -w1 are the kernel's
> rijndaelEncrypt and sha1_step, 10%-20% for each.
>
> TSO, IPSEC_DEBUG do not matter.
>
> Boost performance is the same as Ubuntu 15 (300kb/s in ssh, downloading to
> my laptop), but most of the time it is < 100kb/s, and overall speed is
> 50% slower. Uploading is good.
>
> --
> Zhihao Yuan, ID lichray
> The best way to predict the future is to invent it.
> ___________________________________________________
> 4BSD -- http://bit.ly/blog4bsd
>
> --
> Ermal
>