[Swan] subnet to subnet IPv6 very slow

Tuomo Soini tis at foobar.fi
Sat Nov 14 21:51:19 UTC 2015


On Sat, 14 Nov 2015 13:03:50 +0900
Paul Wouters <paul at nohats.ca> wrote:

> You can try esp=aes_gcm128-null which is the fastest good crypto algo
> to use but I'm not sure if that is your real problem 

I don't think that's the problem. There is some huge performance
bottleneck in kernel when running ipv6 in ipv4 with xfrm/netkey ipsec
stack. On my quick test it show exactly same type of performance
problem.

-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>


More information about the Swan mailing list