This is the IPSec standard mailing list. You're talking about a question about
some specific implementation; you'll have to ask in a different place.
paul
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Naveen B N (nbn)
Sent: Tuesday, January 10, 2012 8:48 AM
To: [email protected]
Subject: [IPsec] CPU usage for IPSec in Linux 2.6.38
Hi All,
I am using linux 2.6.36 kernel and trying to add 6000 Ikev2/ipsec tunnels at 20
Ikev2 messages per second , I am using netlink socket which is set to
NON_BLOCKING and i am sending XFRM SPD added for every successful AUTH message
received.
But the problem is after the 4000 tunnels are established, CPU usage goes to >
90%, which will likely cause dropping of few AUTH response from responder.
NOTE:
But when I disabled adding SPD messaged via netlink sockets using xfrm
messages, I am able to complete 6000 ikev2 SA negotiation successfully.
So the problem i am seeing is when sending XFRM netlink message > 4000.
Any solutions are or analysis different then the above is appreciated.
Thanks and Regards
Naveen
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
