Hi Florin,
Thanks for the info. I pulled the latest and retried, things seem a bit better
now from a stability perspective. The performance issue looks like a CPU
limitation on the client side (10K loops/s) based on the results. I have these:
*Client* : Intel Xeon CPU E5-2650 v2 @ 2.60GHz - 1021
Hi Dom,
I guess you’re not using vpp master. Loops/s should appear in the line you
highlighted
Regards,
Florin
> On Feb 28, 2020, at 8:54 AM, dchons via Lists.Fd.Io
> wrote:
>
> Hi Florin,
>
> I got another test run and was able to do the clear run; show run as you
> suggested about 10 s
Hi Florin,
I got another test run and was able to do the clear run; show run as you
suggested about 10 seconds into the test run just before it ended. I'm not sure
where to see the loops/s stat, so I've pasted the output from both client and
server below if you would not mind pointing out what
Hi Dom,
It could be that you’re hitting more often the issues that I also encountered
locally. And yes, I noticed that even the server side has sporadic issues.
Given that iperf works fine with tcp, I assume tls re-segments data in a way
that iperf does not like.
Now, with respect to the thr
Hi Florin,
Thanks once again! I was in the middle of collecting a bunch of information to
respond (basically nothing interesting in logs and the client does not crash,
it just sits there), and then on one miraculous run it actually worked. I was
hoping for a bit more performance (I only got 2.8
Hi Dom,
Is the iperf client returning an error or does it crash? Do you get any errors
in /var/log/syslog?
Also, do a “sh session verbose” on both nodes to see if there’s any data
pending in the rx/tx fifos.
Regards,
Florin
> On Feb 26, 2020, at 10:26 AM, dchons via Lists.Fd.Io
> wrote:
Hi Florin,
Thanks so much for trying this out and for the suggestions. Unfortunately this
isn't working in my setup. Here's what I did just to make sure I'm not missing
anything.
I generated the key and cert as follows:
*openssl req -newkey rsa:2048 -nodes -keyout ldp.key -x509 -days 365 -out
Hi Dom,
Out of curiosity, I tried out testing tls throughput with iperf. Note that this
is a bit of a hack, i.e., ldp can transparently convert tcp connections into
tls connections if the right environment variables are set (see more [1]).
Sporadically, this does exhibit some setup instability
Hi Florin,
Thank you for your response. I used different rx/tx buffer sizes and it didn't
really make a difference. For this stage, it's good enough to know that there
are known performance limitations, thank you again for your help.
Regards,
Dom
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all m
Hi Dom,
First of all, tls code is not optimized and there are some scheduling
inefficiencies that we are aware of and which do affect overall performance.
Having said that, you might be able to improve throughput by increasing rx and
tx buffer sizes (any reason for keeping them that small?).
Hello,
I'm trying to get an idea of TLS throughput using openssl without hardware
acceleration, and I'm using the vpp_echo application as follows:
* *Server :* taskset --cpu-list 4,6,8 ./vpp_echo socket-name /tmp/vpp-api.sock
uri tls://10.0.0.71/ fifo-size 200 uni RX=50Gb TX=0 stats 1 s
11 matches
Mail list logo
