Freebsd Stable 6.x ipsec slower than with 4.9

Stephen Clark Stephen.Clark at seclark.us
Wed Apr 26 13:26:50 UTC 2006


Mike Tancsa wrote:

>At 01:02 PM 25/04/2006, Stephen Clark wrote:
>
>  
>
>>>Try first
>>>sysctl -w net.inet.tcp.inflight.enable=0
>>>
>>>If its still slower, try using FAST_IPSEC instead on the 
>>>server.  However, make sure you disable INET6
>>>      
>>>
>>That increased it to 39mbits/sec. Still far from 54mbits/sec
>>    
>>
>
>Are all of the TCP params (compare sysctl -a net.inet.tcp on both 
>)and application defaults still the same on both systems ?   One that 
>that for sure is not in RELENG_4 is SACK. Try disabling that and see 
>if there is a difference.
>
>         ---Mike 
>
>
>  
>
I checked the sysctl's between the two system and where the match they 
are the same. The raw transfer rate ~94mbits/sec is the same as I was 
getting between the systems when they were both 4.9.  The real 
difference appears to be in ipsec. The other thing that is interesting 
is the idle time when I am running this test on the 6.x system is about 
70% when it was a 4.9 system getting 54mbits/sec the idle time was only 
50-55%.

I am reluctant to try fast ipsec because of problems I had when I tried 
it under 4.9, it didn't work with our existing sites.

Steve

-- 

"They that give up essential liberty to obtain temporary safety, 
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty 
decreases."  (Thomas Jefferson)





More information about the freebsd-stable mailing list