Hi,

> There is no appreciable load on any of the systems
> during throughput testing.

Please note that IPsec is usually processed in soft IRQ, so have a look at the "si" field in top. If you are CPU bound, "perf" is very powerful in analyzing the bottleneck on productive systems. If you are not CPU bound, something else is probably wrong (packet loss, etc.).

> I've read that aes-gcm has been built to scale to 10ge and 40ge,

It has, but saturating such links definitely requires hardware support.

> Does anyone else have experience with higher throughput on
> their IPsec tunnels, whether or not utilizing aes-gcm?

If your CPU has AESNI/CLMUL support, depending on your CPU you should at least get close to saturating a Gigabit link, even if using a single core only. If you have multiple tunnels, a NIC with multiple hardware queues can share the load to more cores; if not, pcrypt is an option.

With traditional algorithms you should achieve around 200-400Mbit, so you should go for AES-GCM if your hardware supports it (make sure to have rfc4106-gcm-aesni in /proc/crypto). Alternatively, you might give the newer chacha20poly1305 AEAD a try; it provides good performance in software, and even better performance with SSE2/AVX2 (since Linux 4.3).

Regards
Martin

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
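The two checks recommended in the reply above, written out as an added example; this is not code from the list post or from the strongSwan project. It looks for the rfc4106-gcm-aesni driver in a /proc/crypto-style file and computes the soft IRQ share of CPU time (the "si" column of top) from two /proc/stat snapshots. The sample files below are constructed so the script runs offline; on a live Linux host, pass /proc/crypto and two copies of /proc/stat taken a few seconds apart while the tunnel is under load.

```shell
#!/bin/sh
# Added example, not part of the strongSwan list post.
# Implements the reply's two checks against constructed sample data.

# Returns 0 when a /proc/crypto-style file registers the AES-NI rfc4106 GCM
# driver (the AEAD strongSwan/the kernel use for ESP with AES-GCM).
# $1: path to a /proc/crypto-style file
has_gcm_aesni() {
    grep -Eq '^driver[[:space:]]*:[[:space:]]*rfc4106-gcm-aesni[[:space:]]*$' "$1"
}

# Prints the integer percentage of CPU time spent in soft IRQ between two
# /proc/stat snapshots. Only the aggregate "cpu" line is used; the per-core
# "cpuN" lines are skipped. Column order on that line is:
#   user nice system idle iowait irq softirq steal guest guest_nice
# guest/guest_nice are already included in user/nice, so only $2..$9 are summed.
# $1, $2: paths to the earlier and later snapshot
softirq_share() {
    awk '
        $1 == "cpu" {
            total = 0
            for (i = 2; i <= 9; i++) total += $i
            if (seen == 0) { t0 = total; s0 = $8; seen = 1 }  # first snapshot
            else           { t1 = total; s1 = $8 }            # second snapshot
        }
        END {
            dt = t1 - t0
            if (dt <= 0) { print 0; exit }
            printf "%d\n", (s1 - s0) * 100 / dt
        }
    ' "$1" "$2"
}

# --- constructed sample data (shape matches the real /proc files) ---------
CRYPTO_SAMPLE=$(mktemp)
CRYPTO_NO_AESNI=$(mktemp)
STAT_T0=$(mktemp)
STAT_T1=$(mktemp)
trap 'rm -f "$CRYPTO_SAMPLE" "$CRYPTO_NO_AESNI" "$STAT_T0" "$STAT_T1"' EXIT

# Host with the AES-NI GCM driver registered (constructed entry).
printf '%s\n' \
    'name         : rfc4106(gcm(aes))' \
    'driver       : rfc4106-gcm-aesni' \
    'module       : aesni_intel' \
    'priority     : 400' \
    'type         : aead' \
    '' > "$CRYPTO_SAMPLE"

# Host that only has a generic, software-only GCM implementation (constructed).
printf '%s\n' \
    'name         : rfc4106(gcm(aes))' \
    'driver       : rfc4106(gcm_base(ctr(aes-generic),ghash-generic))' \
    'module       : kernel' \
    'priority     : 100' \
    'type         : aead' \
    '' > "$CRYPTO_NO_AESNI"

# Two /proc/stat snapshots: over the interval 400 of 1000 ticks are softirq.
printf '%s\n' \
    'cpu  1000 0 500 8000 100 50 200 0 0 0' \
    'cpu0 1000 0 500 8000 100 50 200 0 0 0' \
    'intr 12345' > "$STAT_T0"
printf '%s\n' \
    'cpu  1100 0 550 8450 100 50 600 0 0 0' \
    'cpu0 1100 0 550 8450 100 50 600 0 0 0' \
    'intr 23456' > "$STAT_T1"

# --- run the checks on the samples ----------------------------------------
if has_gcm_aesni "$CRYPTO_SAMPLE"; then
    echo "sample host A: rfc4106-gcm-aesni present, AES-GCM will use AES-NI"
fi
if ! has_gcm_aesni "$CRYPTO_NO_AESNI"; then
    echo "sample host B: no rfc4106-gcm-aesni driver, AES-GCM runs in software"
fi
echo "soft IRQ share over the sampled interval: $(softirq_share "$STAT_T0" "$STAT_T1")%"
```

A high soft IRQ share with a mostly idle user/system split is the pattern the reply describes: the crypto work is being done in the soft IRQ context of one core, which is where a multi-queue NIC or pcrypt spreads the load.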