IPSec Performance under Xen
Andrey V. Elsukov
bu7cher at yandex.ru
Thu Apr 23 23:28:46 UTC 2015
On 24.04.2015 01:00, Sydney Meyer wrote:
> Hello,
>
> I have set up 2 VM's under Xen running each one IPSec-Endpoint.
> Everything seems to work fine, but (measured with benchmarks/iperf)
> the performance drops from ~10 Gb/s on a non-IPSec-Kernel to ~200
> Mb/s with IPSec compiled in, regardless of whether actually using
> IPSec or not.
Can you test this patch to see the difference? It isn't a fix. It is
just to see how will help avoiding of PCB check.
--- ip_output.c (revision 281867)
+++ ip_output.c (working copy)
@@ -482,7 +482,7 @@ again:
sendit:
#ifdef IPSEC
- switch(ip_ipsec_output(&m, inp, &flags, &error)) {
+ switch(ip_ipsec_output(&m, NULL, &flags, &error)) {
case 1:
goto bad;
case -1:
--
WBR, Andrey V. Elsukov
More information about the freebsd-net
mailing list