Policy-based vs. Route-based - Data throughput
I implemented route-based IPsec on embedded devices (armv7) and I noticed that route-based IPsec has lower data throughput than policy-based - about 10-20% (depending on the type of ESP cipher). Is this the expected value? I know that some performance is needed for routing via the xfrm interface, but I expected value around 5%. Do you have any experience with similar measurements on other platforms?
#1 Updated by Tobias Brunner over 1 year ago
- Category set to kernel
- Status changed from New to Feedback
Is this the expected value?
No idea, but it's possible that there is some bottleneck (e.g. in regards to routing, MTU or even policy matching).
Do you have any experience with similar measurements on other platforms?
No experience whatsoever, sorry.