Hi All, I am using linux 2.6.36 kernel and trying to add 6000 Ikev2/ipsec tunnels at 20 Ikev2 messages per second , I am using netlink socket which is set to NON_BLOCKING and i am sending XFRM SPD added for every successful AUTH message received.
But the problem is after the 4000 tunnels are established, CPU usage goes to > 90%, which will likely cause dropping of few AUTH response from responder. NOTE: But when I disabled adding SPD messaged via netlink sockets using xfrm messages, I am able to complete 6000 ikev2 SA negotiation successfully. So the problem i am seeing is when sending XFRM netlink message > 4000. Any solutions are or analysis different then the above is appreciated. Thanks and Regards Naveen _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
