Issue #3122
Strongswan software iterupts
Description
hello,
I'm using Strongswan strongSwan 5.7.1, Linux 3.10.0-957.1.3.el7.x86_64, x86_64 paired with cisco device.
I started to route more traffic ~500mb/s into strongswan side, and after that i started to get software interupts:
%Cpu4 : 2.8 us, 5.6 sy, 0.0 ni, 29.2 id, 0.0 wa, 0.0 hi, 62.5 si, 0.0 st
%Cpu5 : 3.9 us, 5.2 sy, 0.0 ni, 22.1 id, 0.0 wa, 0.0 hi, 68.8 si, 0.0 st
afaik it could slow down performance.
Is there any ways to balance it between all 24 server cores ?
My ipsec.conf:
conn net-nyrouter
left=37.157.xxx.xxx
leftsubnet=37.157.xxx.xxx/32[gre]
rightsubnet=185.167.yyy.yyy/32[gre]
leftfirewall=no
ike=aes-sha1-modp1024
esp=aes128gcm16-modp1024
right=185.167.yyy.yyy
type=tunnel
authby=psk
auto=add
Thank you
Related issues
History
#1 Updated by Tobias Brunner over 2 years ago
- Has duplicate Issue #2328: softIRQ maxed-out to 100% only on one core with ipsec added
#2 Updated by Noel Kuntze over 2 years ago
- Category set to configuration
- Status changed from New to Feedback
Hello,
Configure RSS and RPS. It will improve performance with one SA though. You'd need to have several and balance them over several rx queues and pin them to different cores to increase the performance further and make use of multithreading.
#3 Updated by Tobias Brunner about 1 year ago
- Related to Issue #3298: strategies to improve strongswan performance per single SA added