Andrey,
with your patch applied the performance drop while using the IPSEC-enabled
kernel without doing actual IPSec traffic seems to be gone.
I haven't tested IPSec itself yet, as i had to start from scratch with new VM's
but i will set up a IPSec connection and report back.
S.
> On Apr 24, 2015, at 01:26, Andrey V. Elsukov <bu7c...@yandex.ru> wrote:
>
> On 24.04.2015 01:00, Sydney Meyer wrote:
>> Hello,
>>
>> I have set up 2 VM's under Xen running each one IPSec-Endpoint.
>> Everything seems to work fine, but (measured with benchmarks/iperf)
>> the performance drops from ~10 Gb/s on a non-IPSec-Kernel to ~200
>> Mb/s with IPSec compiled in, regardless of whether actually using
>> IPSec or not.
>
> Can you test this patch to see the difference? It isn't a fix. It is
> just to see how will help avoiding of PCB check.
>
> --- ip_output.c (revision 281867)
> +++ ip_output.c (working copy)
> @@ -482,7 +482,7 @@ again:
>
> sendit:
> #ifdef IPSEC
> - switch(ip_ipsec_output(&m, inp, &flags, &error)) {
> + switch(ip_ipsec_output(&m, NULL, &flags, &error)) {
> case 1:
> goto bad;
> case -1:
>
>
> --
> WBR, Andrey V. Elsukov
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
