Project

General

Profile

Issue #3693

Policy-based vs. Route-based - Data throughput

Added by Jiri Zendulka 10 months ago. Updated 10 months ago.

Status:
Closed
Priority:
Normal
Category:
kernel
Affected version:
5.8.4
Resolution:
No change required

Description

I implemented route-based IPsec on embedded devices (armv7) and I noticed that route-based IPsec has lower data throughput than policy-based - about 10-20% (depending on the type of ESP cipher). Is this the expected value? I know that some performance is needed for routing via the xfrm interface, but I expected value around 5%. Do you have any experience with similar measurements on other platforms?

History

#1 Updated by Tobias Brunner 10 months ago

  • Category set to kernel
  • Status changed from New to Feedback

Is this the expected value?

No idea, but it's possible that there is some bottleneck (e.g. in regards to routing, MTU or even policy matching).

Do you have any experience with similar measurements on other platforms?

No experience whatsoever, sorry.

#2 Updated by Jiri Zendulka 10 months ago

Ok. You can close the issue. Thanks.

#3 Updated by Tobias Brunner 10 months ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No change required

Also available in: Atom PDF