Re: Regression: kernel 4.14 an later very slow with many ipsec tunnels

From: Wolfgang Walter
Date: Thu Sep 13 2018 - 11:46:11 EST

Next message: Jason A. Donenfeld: "Re: [PATCH net-next v3 02/17] zinc: introduce minimal cryptography library"
Previous message: CÃdric Le Goater: "[PATCH] aspeed/i2c: lower bus interrupt when all interrupts have been cleared"
In reply to: Florian Westphal: "Re: Regression: kernel 4.14 an later very slow with many ipsec tunnels"
Next in thread: Florian Westphal: "Re: Regression: kernel 4.14 an later very slow with many ipsec tunnels"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am Donnerstag, 13. September 2018, 15:58:44 schrieb Florian Westphal:
> Wolfgang Walter <linux@xxxxxxx> wrote:
> > thanks to the fix from Steffen Klassert I could now run 4.14.69 + his
> > patch
> > and 4.18.7 + his patch without oopsing immediately.
> >
> > But I found that those kernels perform very bad. They perform so bad that
> > they are unusable for our router with about 3000 ipsec tunnels (tunnel
> > mode network <-> network).
>
> Can you do a 'perf record -a -g sleep 5' with 4.18 and provide 'perf
> report' result?
>
> It would be good to see where those cycles are spent.

I'll try that but this isn't that easy as the router image does not contain
perf. I also have to do that on our production router. I try to do that
tomorrow evening.

What I can say is that it depends mainly on number of policy rules and SA.

Regards
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts

Next message: Jason A. Donenfeld: "Re: [PATCH net-next v3 02/17] zinc: introduce minimal cryptography library"
Previous message: CÃdric Le Goater: "[PATCH] aspeed/i2c: lower bus interrupt when all interrupts have been cleared"
In reply to: Florian Westphal: "Re: Regression: kernel 4.14 an later very slow with many ipsec tunnels"
Next in thread: Florian Westphal: "Re: Regression: kernel 4.14 an later very slow with many ipsec tunnels"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]