Hi Martin, > All application data is processed by the kernel, and any tool can be > used to generated this traffic.
> You'd have to generate the traffic that matches an existing IPsec > connection. This can be done in the load-tester plugin, or in a > dedicated tool. > What's wrong with using iperf or a similar tool to test your IPsec > tunnel? So you mean that I can use the load tester to establish a number of tunnels and then generate traffic (i.e. pings) for each of these tunnels with iperf? I thought that this is not supported by load-tester plugin. What I want to test is a lot of tunnels with traffic to a particular gateway. Regards, Jerry -----Original Message----- From: Martin Willi [mailto:[email protected]] Sent: Fri 29-Jul-11 13:16 To: Gerry Travlos Cc: [email protected] Subject: Re: [strongSwan-dev] load-tester plugin modification Hi, > > 1) Which is the main missing functionality that restricts load-tester > from taking traffic? The load-tester plugin currently generates IKEv2 protocol exchanges, mainly to test the daemon itself. It can simulate many clients, but only the key exchange part. All application data is processed by the kernel, and any tool can be used to generated this traffic. You can extend the load tester by generating traffic to process by the kernel, but it won't have much in common with the existing load-tester functionality. > > 2) Is load-tester plugin the only part of the code that needs to be > modified? Or should I look elsewhere as well? You'd have to generate the traffic that matches an existing IPsec connection. This can be done in the load-tester plugin, or in a dedicated tool. > > 3) Am I after big and many changes or something trivial? Generating traffic is probably not that difficult, but it depends on what you actually want to test. > > 4) I've seen revision 015c1568: "Don't simulate traffic on load-tester > kernel interface". Is this correction made in order not to allow > traffic simulation? No. The load-tester can use a "faked" kernel interface stub, so that the negotiated IPsec SAs won't get installed to the system. This is useful in the load-tester if many identical tunnels get established that would conflict in the kernel. This fix just changes the behavior of this stub. > > 5) Something else that I should take into account? What's wrong with using iperf or a similar tool to test your IPsec tunnel? Regards Martin
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
