[Swan] subnet to subnet IPv6 very slow

James Fromm fromm at omnis.com
Sat Nov 14 22:28:33 UTC 2015


Thank you for testing the scenario and confirming our findings.  For now, we're going to run ipv6 in ipv6.  The only reason I was trying to use ipv4 for the tunnel is because many of the server providers we've contacted, especially in South America and Asian locations, do not provide any SLA on ipv6.

Thanks,
James

On November 14, 2015 2:51:19 PM MST, Tuomo Soini <tis at foobar.fi> wrote:
>On Sat, 14 Nov 2015 13:03:50 +0900
>Paul Wouters <paul at nohats.ca> wrote:
>
>> You can try esp=aes_gcm128-null which is the fastest good crypto algo
>> to use but I'm not sure if that is your real problem 
>
>I don't think that's the problem. There is some huge performance
>bottleneck in kernel when running ipv6 in ipv4 with xfrm/netkey ipsec
>stack. On my quick test it show exactly same type of performance
>problem.
>
>-- 
>Tuomo Soini <tis at foobar.fi>
>Foobar Linux services
>+358 40 5240030
>Foobar Oy <http://foobar.fi/>
>_______________________________________________
>Swan mailing list
>Swan at lists.libreswan.org
>https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20151114/9126c4a6/attachment.html>


More information about the Swan mailing list