Hi,
The testbed has been reused since I ran the tests, but the config was something
standard like :
ike esp from a.b.c.d/24 to e.f.g.h/24 peer i.j.k.l \
main auth hmac-sha1 enc aes-256 \
quick auth hmac-sha1 enc aes-256 psk "secret"
If I remember well, for AES-GCM, there is no AUTH parameter, and it is phase 2
only. So it was something like :
ike esp from a.b.c.d/24 to e.f.g.h/24 peer i.j.k.l \
main auth hmac-sha1 enc aes-256 \
quick enc aes-256-gcm psk "secret"
If I've made syntax errors ipssecctl will tell you quickly btw.
--
Cordialement,
Pierre BARDOU
De : Evgeniy Sudyr [mailto:[email protected]]
Envoyé : dimanche 21 juillet 2013 13:17
À : BARDOU Pierre
Cc : [email protected]
Objet : Re: OpenBSD ipsec performance on modern HW
All,
during my tests I seen that CPU on all cores and memory usage was very low.
Just interesting if there are any bottlenecks and how to fix them.
1) Does anybody care tcp stack tuning for high speed IPSEC ?
2) Can I run IPSEC (that's isakmpd ?) on other cores?
Pierre,
can you share your ipsec config to check same on my side.
