[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: Re: [strongSwan] Performance issue with 20k IPsec tunnels (using 5.0.4 strongswan and load-tester pl
From: Martin Willi <martin () strongswan ! org>
Date: 2013-09-25 7:40:00
Message-ID: 1380094800.2981.8.camel () martin
[Download RAW message or body]
> I find, there are lots of retransmissions (as it prints the status of
> the initiation with *character mostly) in console. I know, these are
> certainly considered to be bad. But I have set the retransmit_timeout
> and retransmit_tries to 300 seconds and 300 times respectively, which
> is a huge.
The retransmissions usually indicate that one of the peers is
overloaded. Increasing retransmission timeouts can't solve your
performance limitations; this might help to work around the issues you
see in your lab, but certainly does not resemble what you have on a real
setup. Further, the charon.half_open_timeout strongswan.conf setting
defaulting to 30s will delete the IKE_SA on the responder if it does not
come up within that timeout.
As said before, I think you should focus on finding the bottleneck of
your setup rather than adjusting your client configuration. Use a
profiling tool.
Regards
Martin
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic