hipl-core team mailing list archive

[Tobias Heer <heer@xxxxxxxxxxxxxxxxx>]

Hi Christof,

Am 13.09.2010 um 19:09 schrieb Christof Mroz:

> This branch focuses on enhancing ESP forwarding throughput in hipfw by
> setting up iptables rules for known destination/spi combinations rather
> than looking these up in userspace every time. You may still revert to
> the old behaviour by giving the -u option.
> 
> Here's some iperf output using two VMs running hipd connected by a VM
> running hipfw:
> 
> === trunk ===
> 
> ------------------------------------------------------------
> Server listening on TCP port 5001
> TCP window size: 85.3 KByte (default)
> ------------------------------------------------------------
> [  4] local 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001 connected
> with 2001:11:2910:6a40:17f1:d819:d272:ea99 port 60265
> [ ID] Interval       Transfer     Bandwidth
> [  4]  0.0-10.3 sec  12.0 MBytes  9.80 Mbits/sec
> 
> ------------------------------------------------------------
> Client connecting to 2001:10:8453:d73e:de44:24de:51e:1e77, TCP port 5001
> TCP window size: 16.0 KByte (default)
> ------------------------------------------------------------
> [  3] local 2001:11:2910:6a40:17f1:d819:d272:ea99 port 60265 connected with 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001
> [ ID] Interval       Transfer     Bandwidth
> [  3]  0.0-10.1 sec  12.0 MBytes  9.97 Mbits/sec
> 
> === hipfw-performance ===
> 
> ------------------------------------------------------------
> Server listening on TCP port 5001
> TCP window size: 85.3 KByte (default)
> ------------------------------------------------------------
> [  4] local 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001 connected with 2001:11:2910:6a40:17f1:d819:d272:ea99 port 50461
> [ ID] Interval       Transfer     Bandwidth
> [  4]  0.0-10.0 sec  21.1 MBytes  17.7 Mbits/sec
> 
> ------------------------------------------------------------
> Client connecting to 2001:10:8453:d73e:de44:24de:51e:1e77, TCP port 5001
> TCP window size: 16.0 KByte (default)
> ------------------------------------------------------------
> [  3] local 2001:11:2910:6a40:17f1:d819:d272:ea99 port 50461 connected with 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001
> [ ID] Interval       Transfer     Bandwidth
> [  3]  0.0-10.0 sec  21.1 MBytes  17.7 Mbits/sec
> 

Whee, almost 100% improvement. I'd say this was worth the effort. Nice work.

> Extensions more or less impaired by these patches and not tested so far:
> - userspace_ipsec
> 	Always use old behaviour if enabled.
> - relay
> 	No rules added for connections requesting because the packets
> 	need to be rewritten. Other connections should still benefit
> 	from speedup.
> - LSI
> 	May probably be sped up too (packet marking).
> - opportunistic mode

> - midauth
We need to fix this. However, I am confident that the change will be minor.

> - lightweight update
Was there code for this in the firewall? What does it do?

Thanks for posting this. Nice results!!!

Tobias


> 
> These are marked TODO in code for reference.
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~hipl-core
> Post to     : hipl-core@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~hipl-core
> More help   : https://help.launchpad.net/ListHelp




-- 
Dipl.-Inform. Tobias Heer, Ph.D. Student
Chair of Communication and Distributed Systems - comsys
RWTH Aachen University, Germany
tel: +49 241 80 207 76
web: http://ds.cs.rwth-aachen.de/members/heer
blog: http://dtobi.wordpress.com/
card: http://card.ly/dtobi