Bug 710645

Summary: Big performance regression found on connect/request/response test through IPSEC (openswan) transport
Product: Red Hat Enterprise Linux 6 Reporter: Ken Reilly <kreilly>
Component: kernelAssignee: Frantisek Hrbata <fhrbata>
Status: CLOSED ERRATA QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: high Docs Contact:
Priority: high    
Version: 6.0CC: aokuliar, dhoward, herbert.xu, jolsa, jpirko, jwest, nhorman, pm-eus, rmusil, sgrubb, tgraf
Target Milestone: rcKeywords: Regression, ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel-2.6.32-71.33.1.el6 Doc Type: Bug Fix
Doc Text:
The XFRM_SUB_POLICY feature causes all bundles to be at the finest granularity possible. As a result of the data structure used to implement this, the system performance would drop considerably. This update disables a part of XFRM_SUB_POLICY, eliminating the poor performance at the cost of sub-IP address selection granularity in the policy.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-02 16:54:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 631833    
Bug Blocks:    

Description Ken Reilly 2011-06-03 21:46:38 UTC 
This bug has been copied from bug #631833 and has been proposed
to be backported to 6.0 z-stream (EUS).
Comment 7 Adam Okuliar 2011-07-21 11:26:02 UTC 
verified on 
hp-dl380g7-01.lab.eng.brq.redhat.com
with 
2.6.32-71.34.1.el6.x86_64

netperf -H 172.16.20.21 -L 172.16.20.11 -t TCP_CRR TCP Connect/Request/Response TEST from 172.16.20.11 (172.16.20.11) port 0 AF_INET to 172.16.20.21 (172.16.20.21) port 0 AF_INET : histogram : interval
Local /Remote
Socket Size   Request  Resp.   Elapsed  Trans.
Send   Recv   Size     Size    Time     Rate         
bytes  Bytes  bytes    bytes   secs.    per sec   

16384  87380  1        1       10.00    3306.19   
16384  87380 
[root@hp-dl380g7-01 ~]# netperf -H 172.16.20.21 -L 172.16.20.11 -t TCP_CRR 
TCP Connect/Request/Response TEST from 172.16.20.11 (172.16.20.11) port 0 AF_INET to 172.16.20.21 (172.16.20.21) port 0 AF_INET : histogram : interval
Local /Remote
Socket Size   Request  Resp.   Elapsed  Trans.
Send   Recv   Size     Size    Time     Rate         
bytes  Bytes  bytes    bytes   secs.    per sec   

16384  87380  1        1       10.00    3315.89   
16384  87380
Comment 8 errata-xmlrpc 2011-08-02 16:54:46 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-1106.html
Comment 9 Martin Prpič 2011-08-18 14:42:46 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The XFRM_SUB_POLICY feature causes all bundles to be at the finest
granularity possible. As a result of the data structure used to implement
this, the system performance would drop considerably. This update disables
a part of XFRM_SUB_POLICY, eliminating the poor performance at the cost of
sub-IP address selection granularity in the policy.