Thank you Nima, your info is very valuable, as I thought that mentined behavior would be quite specific for Cisco IOS. Now I'm more encouraged to do that tests :)
BTW, does anybody know of a tool that seeks for a max. forwarding rate using UDP (iterating the bitrate)? I have been searching for it for a long time, but unsuccesfully, so probably I'll have to write some script for Iperf. Thank you Adam On Thu, Sep 1, 2011 at 11:47 AM, nima chavooshi <[email protected]> wrote: > Hi > I had experienced this behavior with snort in inline mode. in my test bed, > I flow X mega byte on snort machine, X mg without any delay has been handle. > but I increased traffic by 2 times. but snort machine only could X/2 > handled! > So I think your information is true. > > Thanks > > On Thu, Sep 1, 2011 at 1:11 AM, Adam Tisovsky <[email protected]> wrote: > >> Hello, >> >> I’m doing some benchmarks of IPsec performance on Cisco router and I have >> experienced the situation described bellow. My question is whether anybody >> has performed simillar tests on StrongSWAN and can tell how did it behave. >> >> When you are gradually increasing the rate of traffic to be secured (using >> UDP as a transport protocol) you reach the maximum possible throughput of >> the device. But when you continue increasing the rate of ingress traffic >> beyond this point, the fowarding rate of device will decrease. Example: >> >> Max. throughput of device is 10 Mbps. If Ingress traffic rate is 10 Mbps, >> then forwarding rate is 10 Mbps. But when ingress rate is 20 Mbps, you get >> forwarding rate only 5 Mbps. >> >> I have experienced this on Cisco 1841 router with HW accelerator >> DISABLED. After some investigation I foud out that more ingress traffic >> utilizes main CPU more by interrupts. And interrupts go on the expense of >> encryption process. Therefore the decrease of forwarding rate. With HW >> accelerator enabled this situation on does not occur, device forwards >> traffic at the maximum rate even if it’s overloaded by the ingress tarffic. >> >> I didin’t find any information dealing with this, however I find it quite >> interesting. I’m also planning to do the tests on StrongSWAN, but it takes >> some time. So any information will be helpful in advance. >> >> Thank you >> Adam >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/users >> > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
