[Swan] "IPSec transport mode" with 200Mbps traffic, TCP Reader(kernel) miss received packet

Hao Chen earthlovepython at outlook.com
Thu Feb 27 20:15:17 UTC 2020

Hi All,

On the TCP sender side, "ss -imnHoe 'dst *:55064'" shows that "retrans" keeps rising.

After decrypting the IPSec .pcap file captured on the TCP reader side, I saw that the reader side really did get the TCP packet. But the kernel on the reader side sends back multiple TCP duplicate ACKs. This indicates that the kernel on the reader side missed that packet.

My machine is HP Chassis Gen 10 with 10Gbps NIC, and 3.6GHz CPU.
Libreswan is v3.25. Kernel is "3.10.0-957.43.1.el7.x86_64" .

"ethtool -S eth0 | grep rx_discards" shows that no packets are dropped by the NIC.
The setting is "net.ipv4.tcp_rmem = 1048576     8388608 16777216".
I already ran "echo 300000 > /proc/sys/net/core/netdev_max_backlog".
"netstat -na | grep 55064" shows that "Recv-Q" is 0 during test.
CPU usage of "ksoftirqd" and my plain TCP-Reader program is 10%.

Besides the above configuration, where else can I tweak the kernel?

