hipl-core team mailing list archive
-
hipl-core team
-
Mailing list archive
-
Message #00181
About the hipfw-performance branch
This branch focuses on enhancing ESP forwarding throughput in hipfw by
setting up iptables rules for known destination/spi combinations rather
than looking these up in userspace every time. You may still revert to
the old behaviour by giving the -u option.
Here's some iperf output using two VMs running hipd connected by a VM
running hipfw:
=== trunk ===
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[ 4] local 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001 connected
with 2001:11:2910:6a40:17f1:d819:d272:ea99 port 60265
[ ID] Interval Transfer Bandwidth
[ 4] 0.0-10.3 sec 12.0 MBytes 9.80 Mbits/sec
------------------------------------------------------------
Client connecting to 2001:10:8453:d73e:de44:24de:51e:1e77, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[ 3] local 2001:11:2910:6a40:17f1:d819:d272:ea99 port 60265 connected with 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.1 sec 12.0 MBytes 9.97 Mbits/sec
=== hipfw-performance ===
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[ 4] local 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001 connected with 2001:11:2910:6a40:17f1:d819:d272:ea99 port 50461
[ ID] Interval Transfer Bandwidth
[ 4] 0.0-10.0 sec 21.1 MBytes 17.7 Mbits/sec
------------------------------------------------------------
Client connecting to 2001:10:8453:d73e:de44:24de:51e:1e77, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[ 3] local 2001:11:2910:6a40:17f1:d819:d272:ea99 port 50461 connected with 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 21.1 MBytes 17.7 Mbits/sec
Extensions more or less impaired by these patches and not tested so far:
- userspace_ipsec
Always use old behaviour if enabled.
- relay
No rules added for connections requesting because the packets
need to be rewritten. Other connections should still benefit
from speedup.
- LSI
May probably be sped up too (packet marking).
- opportunistic mode
- midauth
- lightweight update
These are marked TODO in code for reference.
Follow ups
References