Results 1 to 1 of 1
Hello all, I have an application over UDP passing 300 pkts per seconds full duplex to same destination always. Running on kernel 184.108.40.206 on PPC platform. Work perfectly, CPU usage ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 11-20-2011 #1
- Join Date
- Nov 2011
High SoftIRQ CPU usage while ipsec active
I have an application over UDP passing 300 pkts per seconds full duplex to same destination always.
Running on kernel 220.127.116.11 on PPC platform.
Work perfectly, CPU usage is close to 0%.
Upon adding an IP SEC policy (ESP in transport mode), CPU usage goes 50-100% Soft IRQ context. The encryption processing seems not an issue, since null encryption and H/W acceleration has same effect.
Another interesting fact is that setting "/proc/sys/net/ipv4/xfrm4_gc_thresh" to a relatively small (0-100 instead of 3276 solves the issue.
I understood that reducing this threshold will cause garbage collector to run more frequently. However, I am not sure what is going on behind the scenes, packets are flowing as I said to same destination and even UDP port, only payload is changing (but cyclically repeats after ~100 packets).
My guess is that __xfrm4_find_bundle works harder unless garbage collector runs frequently.
1.Why garbage collector is needed when there is only 1 flow?
2.Is there any bug report / patch for xfrm package on this subject?
Thank you very much,