Date: Tue, 3 Mar 2009 07:42:44 GMT From: Vasile Marii <marii.vasile@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/132277: poor performance using criptodevice for IPSEC Message-ID: <200903030742.n237giLo029616@www.freebsd.org> Resent-Message-ID: <200903030750.n237o1g4027745@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 132277 >Category: misc >Synopsis: poor performance using criptodevice for IPSEC >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Mar 03 07:50:01 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Vasile Marii >Release: 7.01 >Organization: none >Environment: FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Fri Feb 27 11:09:02 EET 2009 root@:/usr/obj/usr/src/sys/IPSEC i386 >Description: I'm working to port a cripto accelerating device driver(it's custom made device) from linux (which works fine) to bsd (freebsd 7.1), but i couldn't get the same(decent) results as for linux. The driver for linux and for bsd both started from the corresponding driver for geode LX cripto accelerator. I concluded that it's not the device and the bottleneck is somewhere in the kernel(interface between Network stack and Cripto Framework). I modified the original glxsb(geode crypto accelerator) driver and made it return immediately after receiving a cripto task (so the device actually does nothing aka device is taking zero time to cript any block of data) and the data is actually not cripted. I made this for debugging purposes to see if the kernel delivers enough data to the device. The netperf results between the two exactly the same machines(with a tunnel(AES-CBC with HMAC_SHA256) between them) with the exactly the same(modified original)driver shows a throughput of maximum 20Mbp s(without IPSEC tunnel i can get 94,1 Mbps so the network is ok). I've seen similar problems on some threads regarding VIA(which should work with 1,1 Gbps throughput). I've tested the device not cripting network traffic (meaning "feed" the device manually and give it data immediately after it finishes the previous) and i can get a full speed of 117 Mbps(meaning it should be enough for my needs for 100Mbps NIC). Does anybody have any better results on glxsb or via?(i mean a netperf test between two machines) or there is a hack or a setting in the kernel or somewhere else? Thanks! >How-To-Repeat: use glxsb driver for IPSEC. Using userspace testing shows good results on this driver though. >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200903030742.n237giLo029616>