From: Stephen Clark
Date: Wed, 26 Apr 2006 15:59:01 -0400
To: Sam Leffler
Cc: stable@freebsd.org
Subject: Re: Freebsd Stable 6.x ipsec slower than with 4.9

Sam Leffler wrote:

> Stephen Clark wrote:
>
>> Mike Tancsa wrote:
>>
>>> At 01:02 PM 25/04/2006, Stephen Clark wrote:
>>>
>>>>> Try first
>>>>> sysctl -w net.inet.tcp.inflight.enable=0
>>>>>
>>>>> If it's still slower, try using FAST_IPSEC instead on the server.
>>>>> However, make sure you disable INET6
>>>>
>>>> That increased it to 39mbits/sec. Still far from 54mbits/sec
>>>
>>> Are all of the TCP params (compare sysctl -a net.inet.tcp on both) and
>>> application defaults still the same on both systems? One thing that
>>> for sure is not in RELENG_4 is SACK. Try disabling that and see if
>>> there is a difference.
>>>
>>>         ---Mike
>>
>> I checked the sysctls between the two systems and where they match they
>> are the same. The raw transfer rate ~94mbits/sec is the same as I was
>> getting between the systems when they were both 4.9. The real
>> difference appears to be in ipsec. The other thing that is interesting
>> is the idle time when I am running this test on the 6.x system is about
>> 70% when it was a 4.9 system getting 54mbits/sec the idle time was only
>> 50-55%.
>>
>> I am reluctant to try fast ipsec because of problems I had when I tried
>> it under 4.9, it didn't work with our existing sites.
>
> There are known locking bottlenecks in the crypto subsystem that fast
> ipsec depends on. This is consistent with idle time going up.
>
> Not sure when they'll be fixed but I know they're important to at least
> one person.
>
>         Sam

Hi Sam,

I am going to try the fast ipsec.

Regards,
Steve

--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)
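
The comparison of `sysctl -a net.inet.tcp` output on both systems suggested in the thread, as an added example that is not part of the original messages: it reports tunables that exist on only one release and tunables whose values differ. The function names, the file names `releng4.txt` and `releng6.txt`, and all sample values are constructed for illustration; only the SACK difference comes from the thread.

```shell
#!/bin/sh
# Compare two saved dumps of `sysctl -a net.inet.tcp` (one per host).
# Usage: tcp_sysctl_diff OLD_DUMP NEW_DUMP
tcp_sysctl_diff() {
    awk '
        # Accept "name: value" (default output) and "name=value" (sysctl -e).
        function parse(line,    pos) {
            pos = match(line, /(: |=)/)
            if (pos == 0) return 0
            key = substr(line, 1, pos - 1)
            val = substr(line, pos + RLENGTH)
            return 1
        }
        FNR == NR { if (parse($0)) old[key] = val; next }   # first file
        parse($0) {                                         # second file
            new[key] = val
            if (!(key in old))        print "ONLY_NEW " key " = " val
            else if (old[key] != val) print "CHANGED  " key " : " old[key] " -> " val
        }
        END { for (k in old) if (!(k in new)) print "ONLY_OLD " k " = " old[k] }
    ' "$1" "$2" | sort
}

# Constructed sample dumps (hypothetical values, not taken from the thread).
write_sample_dumps() {
    cat > "$1/releng4.txt" <<'EOF'
net.inet.tcp.rfc1323: 1
net.inet.tcp.sendspace: 32768
net.inet.tcp.recvspace: 65536
net.inet.tcp.delayed_ack: 1
EOF
    cat > "$1/releng6.txt" <<'EOF'
net.inet.tcp.rfc1323: 1
net.inet.tcp.sendspace: 65536
net.inet.tcp.recvspace: 65536
net.inet.tcp.delayed_ack: 1
net.inet.tcp.sack.enable: 1
EOF
}

# Demo run on the constructed dumps.
demo_dir=$(mktemp -d)
write_sample_dumps "$demo_dir"
tcp_sysctl_diff "$demo_dir/releng4.txt" "$demo_dir/releng6.txt"
rm -rf "$demo_dir"
```

On real hosts, save `sysctl -a net.inet.tcp` to a file on each machine and pass the two files to `tcp_sysctl_diff`; tunables reported as present on only one release are the ones worth toggling one at a time while re-running the throughput test.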