Hi, I’m doing some benchmarks of IPsec performance on Cisco router and I have experienced the situation described below. My question is whether anybody has performed similar tests on Linux (StrongSWAN, OpenSWAN,…) or any other security gateway and can tell how did it behave. When you are gradually increasing the rate of traffic to be secured (using UDP as a transport protocol) you reach the maximum possible throughput of the device. But when you continue increasing the rate of ingress traffic beyond this point, the fowarding rate of device will decrease. Example: Max. throughput of device is 10 Mbps. If ingress traffic rate is 10 Mbps, then forwarding rate is 10 Mbps. But when ingress rate is 20 Mbps, you get forwarding rate only 5 Mbps. I have experienced this on Cisco 1841 router with HW accelerator DISABLED. After some investigation I foud out that more ingress traffic utilizes main CPU more by interrupts. And interrupts go on the expense of encryption process. Therefore the decrease of forwarding rate. With HW accelerator enabled this situation on does not occur, device forwards traffic at the maximum rate even if it’s overloaded by the ingress tarffic. I didin’t find any information dealing with this, however I find it quite interesting. I’m also planning to do the tests on StrongSWAN and OpenSWAN, but it takes some time. So any information will be helpful in advance. Thank you Adam -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
