Re: Freebsd Stable 6.x ipsec slower than with 4.9
- From: Stephen Clark <Stephen.Clark@xxxxxxxxxx>
- Date: Wed, 26 Apr 2006 20:30:38 -0400
Stephen Clark wrote:
Stephen Clark wrote:
Sam Leffler wrote:
Stephen Clark wrote:Hi Sam,
Mike Tancsa wrote:There are known locking bottlenecks in the crypto subsystem that fast ipsec depends on. This is consistent with idle time going up.
At 01:02 PM 25/04/2006, Stephen Clark wrote:I checked the sysctl's between the two system and where the match they are the same. The raw transfer rate ~94mbits/sec is the same as I was getting between the systems when they were both 4.9. The real difference appears to be in ipsec. The other thing that is interesting is the idle time when I am running this test on the 6.x system is about 70% when it was a 4.9 system getting 54mbits/sec the idle time was only 50-55%.
Are all of the TCP params (compare sysctl -a net.inet.tcp on both )and application defaults still the same on both systems ? One that that for sure is not in RELENG_4 is SACK. Try disabling that and see if there is a difference.Try firstThat increased it to 39mbits/sec. Still far from 54mbits/sec
sysctl -w net.inet.tcp.inflight.enable=0
If its still slower, try using FAST_IPSEC instead on the server. However, make sure you disable INET6
---Mike
I am reluctant to try fast ipsec because of problems I had when I tried it under 4.9, it didn't work with our existing sites.
Not sure when they'll be fixed but I know they're important to at least one person.
Sam
_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"
I am going to try the fast ipsec.
Regards,
Steve
Good news with fast ipsec I am back to 53mbits/sec.
Thanks everyone,
Steve
New Info when I tried sending data across the gre/vpns I get the following messages which I did not
get with kame ipsec. Any ideas anyone?
Apr 26 20:24:43 J301001 kernel: gre15: gre_output: recursively called too many times(2)
Apr 26 20:24:52 J301001 kernel: gre71: gre_output: recursively called too many times(2)
Apr 26 20:24:54 J301001 kernel: gre39: gre_output: recursively called too many times(2)
Apr 26 20:24:55 J301001 kernel: gre43: gre_output: recursively called too many times(2)
Apr 26 20:24:59 J301001 kernel: gre97: gre_output: recursively called too many times(2)
Apr 26 20:25:16 J301001 kernel: gre97: gre_output: recursively called too many times(2)
--
"They that give up essential liberty to obtain temporary safety, deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as a government grows, liberty decreases." (Thomas Jefferson)
_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"
- References:
- Freebsd Stable 6.x ipsec slower than with 4.9
- From: Stephen Clark
- Re: Freebsd Stable 6.x ipsec slower than with 4.9
- From: Mike Tancsa
- Re: Freebsd Stable 6.x ipsec slower than with 4.9
- From: Stephen Clark
- Re: Freebsd Stable 6.x ipsec slower than with 4.9
- From: Mike Tancsa
- Re: Freebsd Stable 6.x ipsec slower than with 4.9
- From: Stephen Clark
- Re: Freebsd Stable 6.x ipsec slower than with 4.9
- From: Sam Leffler
- Re: Freebsd Stable 6.x ipsec slower than with 4.9
- From: Stephen Clark
- Re: Freebsd Stable 6.x ipsec slower than with 4.9
- From: Stephen Clark
- Freebsd Stable 6.x ipsec slower than with 4.9
- Prev by Date: Re: fsck_ufs locked in snaplk
- Next by Date: graphics/cairo build error
- Previous by thread: Re: Freebsd Stable 6.x ipsec slower than with 4.9
- Next by thread: Re: Freebsd Stable 6.x ipsec slower than with 4.9
- Index(es):
Relevant Pages
|
|
