[Swan] Libreswan Performance

[Paul Wouters]

On Tue, 28 Mar 2017, Craig Marker wrote:

> I am running some iperf3 bandwidth tests and noticing poor performance on Libreswan v3.19. When I ran similar tests
> on v3.15, I didn’t run into these performance issues. On v3.15, I would see bandwidth around 700Mbps, where now the
> max I’ve seen in 300Mbps. It seems like the process ‘ksoftirqd’ is hogging the CPU. I’ve tried playing around with
> linux irq
> settings, as well as tx and rx queue length and CPU affinity. No luck. I’m wondering if anyone has experienced this
> and, if so, how they have handled it.

Note that the whole IKE exchange just leads to installing an IPsec SA in
the kernel. Once that is done, nothing IKE does can affect performance,
So performance issues are really never caused by IKE (thus libreswan)

At most, some MTU issues or libreswan adding routes could cause
anything, but that is pretty rare too. Or if you have a less powerfull
CPU, you could get some more slowness but that would not be different
between libreswan versions.

>    13    root          20   0       0       0      0 R   99.7   0.0   24:32.94 ksoftirqd/1

That is not libreswan. I would find it more likely that you are using
different kernel versions that behave differently on the same ipsec sa.

Paul