Subject: Re: IPSEC in GENERIC
To: None <tech-kern@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 02/21/2006 14:55:26
On Tue, Feb 21, 2006 at 09:34:43AM -0800, Jonathan Stone wrote:
>
> Christos... I'm also wondering about Thor's comment about packet
> fowarding. I'm assuming Thor's comment is independent of any of my
> ad-hoc measurements. My, er, nasty suspicious mind is wondering if
> Thor's results are from a low-end or embedded machine with a small
> I-cache (say, 16k or less).
That's right -- I saw approximately a 20% drop in throughput with 1K
datagrams flowing across a Soekris net4501.
I dug into it a little bit, but I'm actually having trouble remembering
what I found. I think, among other things, at the time when I looked
(well over a year ago) options IPSEC may have disabled the fast-path
forwarding code entirely.
Thor