Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

How is IPsec forwarding performance affected by the number of Security Associations (SA) and by the number of selectors (SPD entries)?

affected Associations forwarding IPSEC PERFORMANCE SA security selectors SPD
0
Posted

How is IPsec forwarding performance affected by the number of Security Associations (SA) and by the number of selectors (SPD entries)?

0 CommentsAdd a Comment

1 Answer

0

SA lookup in the fast path is based on a 16-bit hash table so that the number of SA does not significantly impact performance. With regards to the number of selectors, a threshold enables switching from linear search to a trie-based look-up algorithm, depending on the number of entries in the SPD. This enables adjusting the balance between lookup performance and memory usage. Detailed performance test results showing that the number of processed IPsec packets per second is directly proportional to number of cores are available.

0 CommentsAdd a Comment
What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.