Hi, Libreswan developers and Linux kernel developers are working together to improve the IPsec throughout using CPU(to encrypt and decrypt). Initial results are ~15 Gbps and ~5-6Gbps per flow. Using upto 3CPU cores.
So far the idea look promising. It seems to scale with number of CPUs. With faster flows cache miss appears to be the biggest slowing down factor. At the last couple of IETF hackethons we hacked on this. Now it is ready for very early testers. The details can be found at https://libreswan.org/wiki/XRM_pCPU We are still working on it, so there is no concrete plans to merge the code yet. Both Linux Kernel XFRM changes and related Libreswan changes need more work. Such as support rekey (kernel), libreswan auto=route. However, if you are looking for this kind of IPsec scalability and able to test it please do. I would be happy to help. Also more testing and feedback would drive us to get this merged sooner than later. regards, -antony _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
