Hi Eyal,
with kernel 5.10 it work very well. Tested with 10 000 interfaces. Thank you
once more.
Regards, Karel
-----Original Message-----
From: Vinš Karel <karel.v...@skoda.cz>
Sent: Wednesday, February 24, 2021 12:02 PM
To: 'Eyal Birger' <eyal.bir...@gmail.com>
Cc: netdev@vger.kernel.org
Subject: [External] RE: [External] Re: High (200+) XFRM interface count
performance problem (throughput)
.
Hi Eyal, thank you for response. I found that commit with your comment during
the night. I will test it.
Do you think that there is a chance to backport this to 5.4 as it is LTS kernel?
Regards,
Karel
-----Original Message-----
From: Eyal Birger <eyal.bir...@gmail.com>
Sent: Wednesday, February 24, 2021 9:15 AM
To: Vinš Karel <karel.v...@skoda.cz>
Cc: netdev@vger.kernel.org
Subject: [External] Re: High (200+) XFRM interface count performance problem
(throughput)
.
Hi Vinš,
On Tue, Feb 23, 2021 at 9:52 PM Vinš Karel <karel.v...@skoda.cz> wrote:
>
> Hello,
>
> I would like to ask you for help or advise.
>
> I'm testing setup with higher number of XFRM interfaces and I'm facing
> throughput degradation with a growing number of created XFRM interfaces - not
> concurrent tunnels established but only XFRM interfaces created - even in
> DOWN state.
> Issue is only unidirectional - from "client" to "vpn hub". Throughput for
> traffic from hub to client is not affected.
>
> XFRM interface created with:
> for i in {1..500}; do link add ipsec$i type xfrm dev ens224 if_id $i ;
> done
>
> I'm testing with iperf3 with 1 client connected - from client to hub:
> 2 interfaces - 1.36 Gbps
> 100 interfaces - 1.35 Gbps
> 200 interfaces - 1.19 Gbps
> 300 interfaces - 0.98 Gbps
> 500 interfaces - 0.71 Gbps
>
> Throughput from hub to client is around 1.4 Gbps in all cases.
>
> 1 CPU core is 100%
>
> Linux v-hub 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC
> 2021 x86_64 x86_64 x86_64 GNU/Linux
Can you please try with a higher kernel version (>= 5.9)?
We've done some work to improve xfrm interface scaling specifically
e98e44562ba2 ("xfrm interface: store xfrmi contexts in a hash by if_id").
Thanks,
Eyal.
