IPSEC in GENERIC [was: Re: netmap in GENERIC, by default, on HEAD]
Olivier Cochard-Labbé
olivier at cochard.me
Thu Nov 6 15:23:05 UTC 2014
On Thu, Nov 6, 2014 at 3:46 PM, Hooman Fazaeli <hoomanfazaeli at gmail.com>
wrote:
>
> => This permit me to obtain the maximum PPS forwarded by the server.
>>
> May be off-topic: How much PPS and on which hardware?
>
It seems I'm not clear: My question is just "What is the correct
methodology for benching IPSec performance ?"
There is a RFC 2544 and RFC 3222 that explain methodologies for benching
routers (packet forwarding) and RFC 3511 for benching firewall... but what
about IPSec ?
I didn't see any impact by enabling IPSec on the kernel (just enabling and
not using it) on my benchs, but others people measured huge impact: Then my
methodology is wrong.
This is why I would to know if we could define a reproducible methodology
for "benching IPSec" (packet size distribution, number of SA/SP, etc...).
More information about the freebsd-net
mailing list