We have systems w/ 2k tunnels on them and have noticed for quite a while that they did not perform quite as well as we would hope.
In particular it would take about 3 minutes to load all the policies at startup and if we were attempting to send traffic both ways through all the tunnels, racoon would spin out of control. It seems to spend so much time answering each request that timeouts begin to happen and it can never recover.
Well, I finally got out the profiler and discovered the primary culprits: debug logging statements!
Specifically those of the form:
plog(LLV_DEBUG, LOCATION, NULL, "%s", saddr2str(foo));
In this case saddr2str is called even if debug is not set, so the overhead is _always_ present. spidx2str is called in a similar way. According to the profiler over 75% of the time was in these 2str functions.
This patch makes the code check the logging level before calling those statements so the overhead is no longer needed unless debug is enabled.
End result: All policies loaded in 2 seconds and all tunnels up within 1.5 minutes. AMAZING improvement! Really!
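The effect described above, as an added example that is not part of the original post or its patch: C evaluates every argument before the call is made, so a level check inside the logging function cannot avoid the formatting cost, while a check at the call site can. The names `addr2str`, `log_fn`, `LOG_GUARDED` and the level values are hypothetical stand-ins for racoon's `saddr2str`, `plog` and log levels.

```c
#include <stdarg.h>
#include <stdio.h>

enum { LLV_ERROR = 1, LLV_DEBUG = 5 };   /* constructed level values */
static int loglevel = LLV_ERROR;         /* debug disabled, as in production */
static unsigned long fmt_calls;          /* how often the formatter ran */

/* Stand-in for saddr2str(): formats an address into a static buffer. */
static const char *addr2str(unsigned a)
{
    static char buf[32];
    fmt_calls++;
    snprintf(buf, sizeof buf, "%u.%u.%u.%u[500]",
             (a >> 24) & 255u, (a >> 16) & 255u, (a >> 8) & 255u, a & 255u);
    return buf;
}

/* Level check inside the function: arguments were already evaluated. */
static void log_fn(int pri, const char *fmt, ...)
{
    va_list ap;
    if (pri > loglevel)
        return;
    va_start(ap, fmt);
    vfprintf(stderr, fmt, ap);
    va_end(ap);
}

/* Level check at the call site: arguments are evaluated only when enabled.
 * Arguments with side effects are skipped too, so keep them side-effect free. */
#define LOG_GUARDED(pri, ...) \
    do { if ((pri) <= loglevel) log_fn((pri), __VA_ARGS__); } while (0)

/* Each returns the number of formatter calls made for n log statements. */
unsigned long run_unguarded(int level, unsigned n)
{
    loglevel = level; fmt_calls = 0;
    for (unsigned i = 0; i < n; i++)
        log_fn(LLV_DEBUG, "%s\n", addr2str(0x0a000000u + i));
    return fmt_calls;
}

unsigned long run_guarded(int level, unsigned n)
{
    loglevel = level; fmt_calls = 0;
    for (unsigned i = 0; i < n; i++)
        LOG_GUARDED(LLV_DEBUG, "%s\n", addr2str(0x0a000000u + i));
    return fmt_calls;
}
```

With debug disabled, the unguarded form still runs the formatter once per statement, which is the load an unauthenticated flood of requests would multiply; the guarded form runs it zero times.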