netmap in GENERIC, by default, on HEAD
Andrey V. Elsukov
bu7cher at yandex.ru
Wed Nov 5 16:19:36 UTC 2014
On 05.11.2014 19:06, Eric L. Camachat wrote:
>>> In two weeks I will enable IPSec by default, again in preparation for 11.
>
>> Hi,
>
>> recently we did some IP forwarding tests and the GENERIC kernel is
>> several times faster than GENERIC+IPSEC. Even when IPSEC has no SA.
>
>> I didn't do test on vanilla kernel, but our kernel is able forward
>> IPv4/IPv6 on rate close to 8.6 Mpps. The same kernel compiled with IPSEC
>> can forward only 180 kpps. I think this problem should be solved before
>> enabling it in GENERIC.
>
> I think this is why we need IPSEC in GENERIC to let more tests involved.
> Maybe it also helps in kernel SSL encryption (key per IP vs per TCP
> session).
IPSEC had unresolved bugs for years, and now all will be magically
fixed. I think we need some way to enable/disable it on the fly. This
may be a compromise.
--
WBR, Andrey V. Elsukov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 538 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20141105/b28af73c/attachment.sig>
More information about the freebsd-net
mailing list