Hi Christof, Am 13.09.2010 um 19:09 schrieb Christof Mroz:
> This branch focuses on enhancing ESP forwarding throughput in hipfw by > setting up iptables rules for known destination/spi combinations rather > than looking these up in userspace every time. You may still revert to > the old behaviour by giving the -u option. > > Here's some iperf output using two VMs running hipd connected by a VM > running hipfw: > > === trunk === > > ------------------------------------------------------------ > Server listening on TCP port 5001 > TCP window size: 85.3 KByte (default) > ------------------------------------------------------------ > [ 4] local 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001 connected > with 2001:11:2910:6a40:17f1:d819:d272:ea99 port 60265 > [ ID] Interval Transfer Bandwidth > [ 4] 0.0-10.3 sec 12.0 MBytes 9.80 Mbits/sec > > ------------------------------------------------------------ > Client connecting to 2001:10:8453:d73e:de44:24de:51e:1e77, TCP port 5001 > TCP window size: 16.0 KByte (default) > ------------------------------------------------------------ > [ 3] local 2001:11:2910:6a40:17f1:d819:d272:ea99 port 60265 connected with > 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001 > [ ID] Interval Transfer Bandwidth > [ 3] 0.0-10.1 sec 12.0 MBytes 9.97 Mbits/sec > > === hipfw-performance === > > ------------------------------------------------------------ > Server listening on TCP port 5001 > TCP window size: 85.3 KByte (default) > ------------------------------------------------------------ > [ 4] local 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001 connected with > 2001:11:2910:6a40:17f1:d819:d272:ea99 port 50461 > [ ID] Interval Transfer Bandwidth > [ 4] 0.0-10.0 sec 21.1 MBytes 17.7 Mbits/sec > > ------------------------------------------------------------ > Client connecting to 2001:10:8453:d73e:de44:24de:51e:1e77, TCP port 5001 > TCP window size: 16.0 KByte (default) > ------------------------------------------------------------ > [ 3] local 2001:11:2910:6a40:17f1:d819:d272:ea99 port 50461 connected with > 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001 > [ ID] Interval Transfer Bandwidth > [ 3] 0.0-10.0 sec 21.1 MBytes 17.7 Mbits/sec > Whee, almost 100% improvement. I'd say this was worth the effort. Nice work. > Extensions more or less impaired by these patches and not tested so far: > - userspace_ipsec > Always use old behaviour if enabled. > - relay > No rules added for connections requesting because the packets > need to be rewritten. Other connections should still benefit > from speedup. > - LSI > May probably be sped up too (packet marking). > - opportunistic mode > - midauth We need to fix this. However, I am confident that the change will be minor. > - lightweight update Was there code for this in the firewall? What does it do? Thanks for posting this. Nice results!!! Tobias > > These are marked TODO in code for reference. > > _______________________________________________ > Mailing list: https://launchpad.net/~hipl-core > Post to : [email protected] > Unsubscribe : https://launchpad.net/~hipl-core > More help : https://help.launchpad.net/ListHelp -- Dipl.-Inform. Tobias Heer, Ph.D. Student Chair of Communication and Distributed Systems - comsys RWTH Aachen University, Germany tel: +49 241 80 207 76 web: http://ds.cs.rwth-aachen.de/members/heer blog: http://dtobi.wordpress.com/ card: http://card.ly/dtobi _______________________________________________ Mailing list: https://launchpad.net/~hipl-core Post to : [email protected] Unsubscribe : https://launchpad.net/~hipl-core More help : https://help.launchpad.net/ListHelp
