High SoftIRQ CPU usage while ipsec active
I have an application over UDP passing 300 pkts per seconds full duplex to same destination always.
Running on kernel 220.127.116.11 on PPC platform.
Work perfectly, CPU usage is close to 0%.
Upon adding an IP SEC policy (ESP in transport mode), CPU usage goes 50-100% Soft IRQ context. The encryption processing seems not an issue, since null encryption and H/W acceleration has same effect.
Another interesting fact is that setting "/proc/sys/net/ipv4/xfrm4_gc_thresh" to a relatively small (0-100 instead of 32768) solves the issue.
I understood that reducing this threshold will cause garbage collector to run more frequently. However, I am not sure what is going on behind the scenes, packets are flowing as I said to same destination and even UDP port, only payload is changing (but cyclically repeats after ~100 packets).
My guess is that __xfrm4_find_bundle works harder unless garbage collector runs frequently.
1.Why garbage collector is needed when there is only 1 flow?
2.Is there any bug report / patch for xfrm package on this subject?
Thank you very much,