We have two servers connected next to each other. When we're iperfing each other through 'simple' physical interfaces - we're getting ~5GB/S of bandwidth. But when I'm sending traffic through a tunneled (strongswan) GRE interface, I'm getting only ~400mbits of traffic and some ksoftirq process is utilized. Are there any remedies? The server is quite powerful: Intel Xeon E5-2620 0 @ 2.00GHz.
1 Answer
According to this libreswan wiki article the encrypted throughput is heavily affected by the encryption method in use and the MTU settings. The article also points out that the settings of the network card greatly influence performance also.
In that wiki article they've published the results of their tests on a server equipped with a similar CPU (Xeon CPU E5-2630 0 @ 2.30GHz). Their results are 9.41 Gbits/sec unencrypted without IPsec and 935 Mbits/sec IPsec AES128-SHA1 (esp=aes128-sha1), so your results seem to be realistic if you're also using AES-CBC-128+SHA1. You can also see that the more up-to-date AES-GCM-128 (esp=aes_gcm128-null) is a more efficient encryption method and using that results in a much better 4.03 Gbits/sec max throughput. So if possible switch to AES-GCM and double check MTU settings.

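For the MTU check the answer recommends, here is an added example (not part of the original answer or of the libreswan article) that computes the largest packet a GRE interface can carry before the resulting ESP packet exceeds the link MTU, for the two ESP suites the answer compares. Assumptions: IPv4, no UDP (NAT-T) encapsulation, a basic 4-byte GRE header, a 12-byte ICV for HMAC-SHA1-96 and a 16-byte ICV for AES-GCM; the function and class names are hypothetical.

```python
from dataclasses import dataclass

IPV4_HDR = 20     # IPv4 header without options
ESP_HDR = 8       # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad-length byte + next-header byte
GRE_HDR = 4       # basic GRE header, no key/checksum/sequence fields


@dataclass(frozen=True)
class EspSuite:
    name: str
    iv_len: int    # per-packet IV carried on the wire
    align: int     # plaintext + trailer is padded to a multiple of this
    icv_len: int   # integrity check value appended to each packet


# Values assumed for the two suites named in the answer.
AES_CBC_SHA1 = EspSuite("aes128-sha1", iv_len=16, align=16, icv_len=12)
AES_GCM = EspSuite("aes_gcm128-null", iv_len=8, align=4, icv_len=16)


def esp_wire_size(plaintext_len, suite):
    """On-wire size of one IPv4 ESP packet protecting plaintext_len bytes."""
    body = plaintext_len + ESP_TRAILER
    padded = -(-body // suite.align) * suite.align  # round up to alignment
    return IPV4_HDR + ESP_HDR + suite.iv_len + padded + suite.icv_len


def max_gre_payload(link_mtu, suite, tunnel_mode=False):
    """Largest packet the GRE interface can carry without the ESP packet
    exceeding link_mtu. In transport mode ESP protects GRE + payload; in
    tunnel mode it also protects the IPv4 header that delivers GRE."""
    room = link_mtu - IPV4_HDR - ESP_HDR - suite.iv_len - suite.icv_len
    plaintext = (room // suite.align) * suite.align - ESP_TRAILER
    inner_hdrs = GRE_HDR + (IPV4_HDR if tunnel_mode else 0)
    return plaintext - inner_hdrs


if __name__ == "__main__":
    for suite in (AES_CBC_SHA1, AES_GCM):
        for tunnel in (False, True):
            mode = "tunnel" if tunnel else "transport"
            mtu = max_gre_payload(1500, suite, tunnel)
            print(f"{suite.name:16} {mode:9} GRE MTU <= {mtu}")
```

Setting the GRE interface MTU at or below the printed value keeps ESP packets from being fragmented on a 1500-byte link.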