[Swan] Libreswan Performance

Craig Marker Tue, 28 Mar 2017 13:11:43 -0700

I am running some iperf3 bandwidth tests and noticing poor performance on 
Libreswan v3.19. When I ran similar tests on v3.15, I didn’t run into these 
performance issues. On v3.15,
I would see bandwidth around 700Mbps, where now the max I’ve seen in 300Mbps. 
It seems like the process ‘ksoftirqd’ is hogging the CPU. I’ve tried playing 
around with linux irq
settings, as well as tx and rx queue length and CPU affinity. No luck. I’m 
wondering if anyone has experienced this and, if so, how they have handled it.


The iperf3 client is on one end of the IPsec tunnel’s local network. The iperf3 
server is on the other end’s local network. This is a representation of my 
setup:

iperf3 client —> tunnel endpoint A       —> tunnel endpoint B      —> iperf3 
server
 10.200.1.1  10.200.1.210     10.200.0.210    10.200.0.92          10.200.2.2   
 10.200.2.11

The iperf3 client command I’m running is iperf3 -c 10.200.2.11 -p 54321 -t 120 
-R and the iperf3 server command I’m running is iperf3 -sp 54321. I’ve also 
tried running
with multiple iperf3 client/servers, and the performance results are about the 
same.

Here’s the configuration for tunnel endpoint B:

config setup
dumpdir=/var/run/pluto/
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
protostack=netkey

# begin conn local
conn local
left=10.200.0.210
leftid="@client"
leftsubnet=10.200.1.0/24
rightid="@is1"
rightsubnet=10.200.2.0/24
rightcert=server
right=10.200.0.92
authby=rsasig
auto=ignore
type=tunnel
compress=no
pfs=yes
ikepad=yes
authby=rsasig
phase2=esp
ikev2=permit
esn=no

Here’s the configuration for tunnel endpoint A:

config setup
dumpdir=/var/run/pluto/
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
protostack=netkey

# begin conn local
conn local
left=10.200.0.210
leftid="@client"
leftsubnet=10.200.1.0/24
leftcert=client
rightid="@is1"
rightsubnet=10.200.2.0/24
right=10.200.0.92
authby=rsasig
auto=ignore
type=tunnel
compress=no
pfs=yes
ikepad=yes
authby=rsasig
phase2=esp
ikev2=permit
esn=no
# end conn local

This is what I’m seeing when I run top on tunnel endpoint A:
  PID   USER      PR  NI    VIRT    RES    SHR S   %CPU %MEM     TIME+ COMMAND
   13    root          20   0       0       0      0 R   99.7   0.0   24:32.94 
ksoftirqd/1
  434   root          20   0       0       0      0 S   0.3   0.0   0:08.04 
xfsaild/dm-1
  913   root           0 -20       0       0      0 S   0.3   0.0    0:00.39 
kworker/1:1H
 9683  root          20   0       0       0      0 S   0.3   0.0   0:03.94 
kworker/0:3
21067 root          20   0       0       0      0 S   0.3   0.0   0:01.26 
kworker/1:0
25264 cmarker   20   0  157696   2216   1556 R   0.3   0.0   0:00.76 top
    1     root          20   0   46168    6684   3956 S   0.0   0.1   0:10.36 
systemd
    2     root          20   0       0       0      0 S   0.0   0.0   0:00.02 
kthreadd

Let me know if any other information would be useful, and I’ll do my best to 
provide it!

Thanks!
--
cm

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan

[Swan] Libreswan Performance

Reply via email to