[Cerowrt-devel] 7000 traps a second (and dropping). Ipsec, anyone?

Dave Taht dave.taht at gmail.com
Thu Apr 19 02:32:58 EDT 2012


is out.

After a truly epic bug hunt...


ipv6 and ipv4 are performing comparably. (the major differences are
due to the firewall rules)

It looks like we tacked on another 20-30Mbit of peak performance for
ipv4 as well (I see it peak at 290Mbit now with no firewall rules, no

which is currently bounded by the last remaining traps in the aqm
code, which we haven't found yet. I have high hopes we will find the
rest over the next week.

If there are any favors I can ask of the list, if there is anyone out
there that can run openvpn and/or strongswan on this release? OR: I
would like to be able to connect an openvpn and/or ipsec client
50-200ms away to make sure the aqm stuff doesn't mess with that too
much, too. (or vice versa)

as we A) fixed up that code and B) expect ipsec at the very least, to
be much faster. C) Or, crash.

I spent a little time fiddling with how to create a 4in6 tunnel
unencrypted and didn't get anywhere.

This is not quite good enough to make it someplace with 4in6

opkg update
opkg install kmod-ip6-tunnel


LOCAL=`ip -o addr show dev ge00 | grep 2001 | awk '{print $4}' | cut -f1 -d/`

ip -6 tunnel add ip6tnl1 mode ip4ip6 remote ${DEST} local ${LOCAL}
ip link set dev ip6tnl1 up
ip -6 route add dev ip6tnl1 metric 4
ip addr add dev ip6tnl1

Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608

More information about the Cerowrt-devel mailing list