On 07.12.2018 18:02, Lev Serebryakov wrote:

>>  (I'm not sure, that it is exactly "bug" or "defect" and want to
>  ... discuss it here before filing PR.
>>  Now I'm throwing IPsec into mix. All incoming traffic is tunneled with
>> IPsec policy, with aes-128-gcm encryption. And with IPsec tx_abdicate
>> makes thing much worse and much more unstable.
>  I could say, that it doesn't matter, if I using IPsec with "tunnel"
> policy to encrypt and tunnel transit traffic or if I add "gif" into mix
> and encrypt GIF traffic in "transport" mode. In both cases tx_abdicate
> makes PPS much lower.
 And one more datapoint: if I'm using "null" cipher (so, IPsec is in
play, but no real encryption is performed) losses in packet rate are
about 50% from turning on tx_abdicate. It is worst-case scenario.

 And if I have outbound traffic (traffic is received without IPsec
processing and sent with IPsec processing on other interface) I have
noticeable gains, up to 15% in packets per second and bandwidth.

 So, lookslike tx_abdicate works well when it is applied to
non-IPsec-processed traffic.

// Lev Serebryakov

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to