From: Timo Teras <timo.teras@iki.fi>
To: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Andrew Collins <bsderandrew@gmail.com>, netdev@vger.kernel.org
Subject: Re: ipsec smp scalability and cpu use fairness (softirqs)
Date: Tue, 13 Aug 2013 10:57:57 +0300 [thread overview]
Message-ID: <20130813105757.39fb0ab8@vostro> (raw)
In-Reply-To: <20130813074614.GM25511@secunet.com>
On Tue, 13 Aug 2013 09:46:14 +0200
Steffen Klassert <steffen.klassert@secunet.com> wrote:
> On Tue, Aug 13, 2013 at 09:23:12AM +0300, Timo Teras wrote:
> >
> > For my scenario it will be usually even same SPI. So even if flow
> > dissector learns ESP and uses SPI in hash, I'd need a way to balance
> > traffic to multiple SAs.
> >
> > I guess the place where I'd want to see the distribution to cores is
> > crypto_aead_*() calls. In fact, it seems there's code infracture
> > already for it: crypto/cryptd.c. Seems it needs to be manually
> > configured and only few places e.g. aesni gcm parts use it.
> >
> > I'm wondering if it'd make sense to patch net/xfrm/xfrm_algo.c to
> > use cryptd? Or at least have a Kconfig or sysctl option make it do
> > so.
>
> It is possible to configure the used crypto algorithm from userspace
> with the crypto user configuration API, see crypto/crypto_user.c.
>
> I wrote to tool that usses this API some time ago, it is still
> a bit rudimentary but it does the job. You can find it at:
> https://sourceforge.net/projects/crconf/
Exactly what I was looking for! Thanks!
> Also, if you want parallelism, you could use the pcrypt algorithm.
> It sends the crypto requests asynchronously round robin to a
> configurable set of cpus. Finaly it takes care to bring the
> served crypto requests back into the order they were submitted
> to avoid packet reordering.
Right. Looks like this helps a lot.
Perhaps it would be worth to experiment also with RPS type hash based
cpu selection?
> Currently we have only one systemwide workqueue for encryption
> and one decryption. So all IPsec packets are send to the same
> workqueue, regardless which state they use.
>
> I have patches that make it possible to configure a separate
> workqueue for each state or to group some states to a specific
> workqueue. These patches are still unpublished because they
> have not much testing yet, but I could send them after some
> polishing for review or testing if you are interested.
Yes, I'd be interested.
Thanks!
next prev parent reply other threads:[~2013-08-13 7:58 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-12 13:01 ipsec smp scalability and cpu use fairness (softirqs) Timo Teras
2013-08-12 21:58 ` Andrew Collins
2013-08-13 6:23 ` Timo Teras
2013-08-13 7:46 ` Steffen Klassert
2013-08-13 7:57 ` Timo Teras [this message]
2013-08-13 10:45 ` Steffen Klassert
2013-08-13 11:33 ` Timo Teras
2013-08-13 11:56 ` Steffen Klassert
2013-08-13 12:41 ` Timo Teras
2013-08-20 6:19 ` Steffen Klassert
2013-08-20 6:39 ` Timo Teras
2013-08-20 6:17 ` Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130813105757.39fb0ab8@vostro \
--to=timo.teras@iki.fi \
--cc=bsderandrew@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.