hipl-core team mailing list archive

Thread
Date

About the hipfw-performance branch

To: hipl-core@xxxxxxxxxxxxxxxxxxx
From: Christof Mroz <christof.mroz@xxxxxxxxxxxxxx>
Date: Mon, 13 Sep 2010 19:09:21 +0200
In-reply-to: <20100913143222.18053.74363.launchpad@loganberry.canonical.com>

This branch focuses on enhancing ESP forwarding throughput in hipfw by
setting up iptables rules for known destination/spi combinations rather
than looking these up in userspace every time. You may still revert to
the old behaviour by giving the -u option.

Here's some iperf output using two VMs running hipd connected by a VM
running hipfw:

=== trunk ===

------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[  4] local 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001 connected
with 2001:11:2910:6a40:17f1:d819:d272:ea99 port 60265
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-10.3 sec  12.0 MBytes  9.80 Mbits/sec

------------------------------------------------------------
Client connecting to 2001:10:8453:d73e:de44:24de:51e:1e77, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[  3] local 2001:11:2910:6a40:17f1:d819:d272:ea99 port 60265 connected with 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.1 sec  12.0 MBytes  9.97 Mbits/sec

=== hipfw-performance ===

------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[  4] local 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001 connected with 2001:11:2910:6a40:17f1:d819:d272:ea99 port 50461
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-10.0 sec  21.1 MBytes  17.7 Mbits/sec

------------------------------------------------------------
Client connecting to 2001:10:8453:d73e:de44:24de:51e:1e77, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[  3] local 2001:11:2910:6a40:17f1:d819:d272:ea99 port 50461 connected with 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  21.1 MBytes  17.7 Mbits/sec

Extensions more or less impaired by these patches and not tested so far:
- userspace_ipsec
	Always use old behaviour if enabled.
- relay
	No rules added for connections requesting because the packets
	need to be rewritten. Other connections should still benefit
	from speedup.
- LSI
	May probably be sped up too (packet marking).
- opportunistic mode
- midauth
- lightweight update

These are marked TODO in code for reference.

Follow ups

Re: About the hipfw-performance branch
From: Tobias Heer, 2010-09-14

References

[Branch ~christof-mroz/hipl/hipfw-performance] 4938 revisions
From: noreply, 2010-09-13