Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 26 Apr 2006 10:30:01 -0700
From:      Sam Leffler <sam@errno.com>
To:        Stephen.Clark@seclark.us
Cc:        stable@freebsd.org
Subject:   Re: Freebsd Stable 6.x ipsec slower than with 4.9
Message-ID:  <444FAE19.3060404@errno.com>
In-Reply-To: <444F750C.7070206@seclark.us>
References:  <444E2503.9090506@seclark.us>	<6.2.3.4.0.20060425093417.068dfc08@64.7.153.2>	<444E5608.4050704@seclark.us>	<6.2.3.4.0.20060425134955.051d58d0@64.7.153.2> <444F750C.7070206@seclark.us>
next in thread | previous in thread | raw e-mail | index | archive | help 
Stephen Clark wrote:
> Mike Tancsa wrote:
> 
>> At 01:02 PM 25/04/2006, Stephen Clark wrote:
>>
>>  
>>
>>>> Try first
>>>> sysctl -w net.inet.tcp.inflight.enable=0
>>>>
>>>> If its still slower, try using FAST_IPSEC instead on the server.  
>>>> However, make sure you disable INET6
>>>>     
>>> That increased it to 39mbits/sec. Still far from 54mbits/sec
>>>   
>>
>> Are all of the TCP params (compare sysctl -a net.inet.tcp on both )and 
>> application defaults still the same on both systems ?   One that that 
>> for sure is not in RELENG_4 is SACK. Try disabling that and see if 
>> there is a difference.
>>
>>         ---Mike
>>
>>  
>>
> I checked the sysctl's between the two system and where the match they 
> are the same. The raw transfer rate ~94mbits/sec is the same as I was 
> getting between the systems when they were both 4.9.  The real 
> difference appears to be in ipsec. The other thing that is interesting 
> is the idle time when I am running this test on the 6.x system is about 
> 70% when it was a 4.9 system getting 54mbits/sec the idle time was only 
> 50-55%.
> 
> I am reluctant to try fast ipsec because of problems I had when I tried 
> it under 4.9, it didn't work with our existing sites.

There are known locking bottlenecks in the crypto subsystem that fast 
ipsec depends on.  This is consistent with idle time going up.

Not sure when they'll be fixed but I know they're important to at least 
one person.

	Sam

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?444FAE19.3060404>