On Thu, Jul 09, 2020 at 01:16:50PM +0300, Eyal Birger wrote: > When having many xfrm interfaces, the linear lookup of devices based on > if_id becomes costly. > > The first patch refactors xfrmi_decode_session() to use the xi used in > the netdevice priv context instead of looking it up in the list based > on ifindex. This is needed in order to use if_id as the only key used > for xi lookup. > > The second patch extends the existing infrastructure - which already > stores the xfrmi contexts in an array of lists - to use a hash of the > if_id. > > Example benchmarks: > - running on a KVM based VM > - xfrm tunnel mode between two namespaces > - xfrm interface in one namespace (10.0.0.2) > > Before this change set: > > Single xfrm interface in namespace: > $ netperf -H 10.0.0.2 -l8 -I95,10 -t TCP_STREAM > > MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 10.0.0.2 () > port 0 AF_INET : +/-5.000% @ 95% conf. : demo > Recv Send Send > Socket Socket Message Elapsed > Size Size Size Time Throughput > bytes bytes bytes secs. 10^6bits/sec > > 131072 16384 16384 8.00 298.36 > > After adding 400 xfrmi interfaces in the same namespace: > > $ netperf -H 10.0.0.2 -l8 -I95,10 -t TCP_STREAM > > MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 10.0.0.2 () > port 0 AF_INET : +/-5.000% @ 95% conf. : demo > Recv Send Send > Socket Socket Message Elapsed > Size Size Size Time Throughput > bytes bytes bytes secs. 10^6bits/sec > > 131072 16384 16384 8.00 221.77 > > After this patchset there was no observed change after adding the > xfrmi interfaces. > > Eyal Birger (2): > xfrm interface: avoid xi lookup in xfrmi_decode_session() > xfrm interface: store xfrmi contexts in a hash by if_id > > net/xfrm/xfrm_interface.c | 52 +++++++++++++++++++++++++-------------- > 1 file changed, 33 insertions(+), 19 deletions(-)
Applied to ipsec-next, thanks a lot Eyal!
