View Issue Details

ID: 0006253
Project: CentOS-6
Category: kernel
View Status: public
Last Update: 2013-02-19 14:03
Reporter: petergrace
Priority: normal
Severity: major
Reproducibility: always
Status: new
Resolution: open
Platform: x86_64
OS: CentOS
OS Version: 2.6.32-279.22.1
Product Version: 6.3
Target Version:
Fixed in Version:

Summary: 0006253: software interrupt percentage goes to 100% when under load from esp

Description:
We have a site-to-site VPN between a Cisco ASA and a pair of Linux routers which operate our offsite datacenter for stackoverflow.com. When we turn on SQL replication over the link, software interrupts peg a core at 100% and the ethernet stack becomes so sluggish that performance of the rest of the network is degraded.

Unfortunately I don't have a tremendous amount of detail to provide but will happily do whatever steps are required to help pinpoint this issue.

Steps To Reproduce:
1) set up site-to-site ipsec vpn with KAME-tools, using the kernel built-in esp processor (PF_KEY?)
2) put said vpn tunnel under load
3) watch top in cpu detail mode where a core locks at 100%si

Tags: No tags attached.

Activities

petergrace (reporter)   2013-02-19 14:03   ~0016504

As an update to this, another person on the internet happened upon this issue (http://www.couyon.net/1/post/2013/02/ipsec-on-rhel6centos6-dont-do-it.html) and found that upping the "/proc/sys/net/ipv4/xfrm4_gc_thresh" value abated the issue.

We tested elrepo-kernel-ml to see if the problem persists and it does, leading me to believe this is a longstanding kernel issue.
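
One way to confirm the symptom in this report (a single core pinned in softirq) and to read the current `/proc/sys/net/ipv4/xfrm4_gc_thresh` before changing it. This is an added example, not part of the original report or the linked post; the function names and the 90% threshold are assumptions, and the sample `/proc/stat` lines are constructed.

```shell
#!/bin/sh
# Added example (not from the report): per-core softirq share from /proc/stat.
# cpuN line fields: user nice system idle iowait irq softirq steal [guest ...]

# softirq_pct BEFORE AFTER: print "cpuN <percent>" for the interval between
# two saved copies of /proc/stat.
softirq_pct() {
    awk '/^cpu[0-9]+ / {
        total = 0
        for (i = 2; i <= 9 && i <= NF; i++) total += $i   # user..steal
        if (FNR == NR) { t0[$1] = total; s0[$1] = $8; next }
        if (!($1 in t0)) next                             # core not in BEFORE
        dt = total - t0[$1]
        if (dt > 0) printf "%s %d\n", $1, 100 * ($8 - s0[$1]) / dt
    }' "$1" "$2"
}

# hot_cores BEFORE AFTER THRESHOLD: names of cores at or above THRESHOLD %si.
hot_cores() {
    softirq_pct "$1" "$2" | awk -v t="$3" '$2 + 0 >= t + 0 { print $1 }'
}

# sample_snapshots DIR: write two constructed snapshots (cpu1 busy in softirq).
sample_snapshots() {
    printf '%s\n' 'cpu0 1000 0 500 8000 100 10 200 0 0' \
                  'cpu1 1000 0 500 8000 100 10 200 0 0' > "$1/before"
    printf '%s\n' 'cpu0 1010 0 510 8080 100 10 200 0 0' \
                  'cpu1 1001 0 501 8000 100 10 298 0 0' > "$1/after"
}

# live_report [SECONDS]: sample this host and show the sysctl from the report.
live_report() {
    dir=$(mktemp -d) || return 1
    cat /proc/stat > "$dir/before"; sleep "${1:-5}"; cat /proc/stat > "$dir/after"
    echo "cores >= 90% softirq: $(hot_cores "$dir/before" "$dir/after" 90 | tr '\n' ' ')"
    f=/proc/sys/net/ipv4/xfrm4_gc_thresh
    if [ -r "$f" ]; then echo "xfrm4_gc_thresh = $(cat "$f")"; else echo "$f not present"; fi
    rm -rf "$dir"
}

if [ "${1:-}" = live ]; then
    live_report "${2:-5}"
else
    d=$(mktemp -d); sample_snapshots "$d"   # constructed data, runs offline
    softirq_pct "$d/before" "$d/after"; rm -rf "$d"
fi
```

Run with `live 10` as arguments to sample the local host for 10 seconds instead of the constructed data.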

Issue History

Date Modified Username Field Change
2013-02-14 01:54 petergrace New Issue
2013-02-19 14:03 petergrace Note Added: 0016504