hipl-core team mailing list archive
-
hipl-core team
-
Mailing list archive
-
Message #00193
Re: About the hipfw-performance branch
Hi Christof,
Am 13.09.2010 um 19:09 schrieb Christof Mroz:
> This branch focuses on enhancing ESP forwarding throughput in hipfw by
> setting up iptables rules for known destination/spi combinations rather
> than looking these up in userspace every time. You may still revert to
> the old behaviour by giving the -u option.
>
> Here's some iperf output using two VMs running hipd connected by a VM
> running hipfw:
>
> === trunk ===
>
> ------------------------------------------------------------
> Server listening on TCP port 5001
> TCP window size: 85.3 KByte (default)
> ------------------------------------------------------------
> [ 4] local 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001 connected
> with 2001:11:2910:6a40:17f1:d819:d272:ea99 port 60265
> [ ID] Interval Transfer Bandwidth
> [ 4] 0.0-10.3 sec 12.0 MBytes 9.80 Mbits/sec
>
> ------------------------------------------------------------
> Client connecting to 2001:10:8453:d73e:de44:24de:51e:1e77, TCP port 5001
> TCP window size: 16.0 KByte (default)
> ------------------------------------------------------------
> [ 3] local 2001:11:2910:6a40:17f1:d819:d272:ea99 port 60265 connected with 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001
> [ ID] Interval Transfer Bandwidth
> [ 3] 0.0-10.1 sec 12.0 MBytes 9.97 Mbits/sec
>
> === hipfw-performance ===
>
> ------------------------------------------------------------
> Server listening on TCP port 5001
> TCP window size: 85.3 KByte (default)
> ------------------------------------------------------------
> [ 4] local 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001 connected with 2001:11:2910:6a40:17f1:d819:d272:ea99 port 50461
> [ ID] Interval Transfer Bandwidth
> [ 4] 0.0-10.0 sec 21.1 MBytes 17.7 Mbits/sec
>
> ------------------------------------------------------------
> Client connecting to 2001:10:8453:d73e:de44:24de:51e:1e77, TCP port 5001
> TCP window size: 16.0 KByte (default)
> ------------------------------------------------------------
> [ 3] local 2001:11:2910:6a40:17f1:d819:d272:ea99 port 50461 connected with 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001
> [ ID] Interval Transfer Bandwidth
> [ 3] 0.0-10.0 sec 21.1 MBytes 17.7 Mbits/sec
>
Whee, almost 100% improvement. I'd say this was worth the effort. Nice work.
> Extensions more or less impaired by these patches and not tested so far:
> - userspace_ipsec
> Always use old behaviour if enabled.
> - relay
> No rules added for connections requesting because the packets
> need to be rewritten. Other connections should still benefit
> from speedup.
> - LSI
> May probably be sped up too (packet marking).
> - opportunistic mode
> - midauth
We need to fix this. However, I am confident that the change will be minor.
> - lightweight update
Was there code for this in the firewall? What does it do?
Thanks for posting this. Nice results!!!
Tobias
>
> These are marked TODO in code for reference.
>
> _______________________________________________
> Mailing list: https://launchpad.net/~hipl-core
> Post to : hipl-core@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~hipl-core
> More help : https://help.launchpad.net/ListHelp
--
Dipl.-Inform. Tobias Heer, Ph.D. Student
Chair of Communication and Distributed Systems - comsys
RWTH Aachen University, Germany
tel: +49 241 80 207 76
web: http://ds.cs.rwth-aachen.de/members/heer
blog: http://dtobi.wordpress.com/
card: http://card.ly/dtobi
Follow ups
References