Hi all I'm building an M2M application using strongswan with RSA-sig auth. I have a test bed running 5000 tunnels but I'm hitting a bottleneck in tunnel setup speed. I'm only getting about 5 tunnels per second setup (charon > 90% CPU).
What should I be investigating to increase the tunnel setup rate? What crypto acceleration can charon make use of? The test setup: - strongswan-4.6.2 (built from source for 64-bit). - RSA sig (2048 bit) + modp1024 - Unique RSA key per tunnel wrapped in self-signed cert for convenient ID + pubkey package. - 64-bit qemu-kvm guest (CentOS 6) is running charon. The host is a 3.2 GHz quad core machine. Kernel level encrypted throughput (AES256) is good for my purposes, but charon is consuming an unexpectedly large amount of CPU time when tunnels are setup. So I'm guessing it's something specific to the RSA calculations as AES seems to fly. There is no other IO, no swap, running completely from RAM. -- Rich _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
