IPSec Performance under Xen
meyer.sydney at googlemail.com
Thu Apr 23 22:00:38 UTC 2015
I have set up 2 VM's under Xen running each one IPSec-Endpoint. Everything seems to work fine, but (measured with benchmarks/iperf) the performance drops from ~10 Gb/s on a non-IPSec-Kernel to ~200 Mb/s with IPSec compiled in, regardless of whether actually using IPSec or not.
I have read about reasoning why IPSec isn't enabled in GENERIC, but wanted to ask if this is the kind of performance hit one has to expect.
I have observed this on FreeBSD 10.1 and 10 Stable, both AMD64. The Hypervisor is running Xen 4.4 with a Linux 3.16 Dom0.
More information about the freebsd-net