SixXS::Sunset 2017-06-06

AICCU tunnels CPU overhead
[fr] Carmen Sandiego on Tuesday, 05 August 2008 15:21:24
Hi, I got an ayiya tunnel terminated on an openwrt box. It works quite well so far but the performance isn't as good as one would expect: I can't get more than 500KB/sec and when the ipv6 traffic exceeds 350kB/sec, the 4 aiccu processes eat more than 60-70% of the CPU. (I can get ~3MB/sec with ipv4/nat and 8MB/sec with the bridge module on this box and I *think* it has a 266 MHz MIPS CPU)

I read in the AYIYA specification that each packet must be signed with either md5 or sha, which could explain such a high CPU load. Is there any way to disable this signing mechanism? As far as I know, 6in4 tunnels aren't signed anyway, so it shouldn't be a big deal security-wise.

Does anybody know if an in-kernel implementation of the ayiya protocol exists? I haven't found anything on this subject. Would it be hard to do? Would there be major drawbacks? (mainly portability, I guess) This could help reduce the load too and increase performance, by avoiding multiple user space to kernel space copy operations.
AICCU tunnels CPU overhead
[ch] Jeroen Massar SixXS Staff on Tuesday, 05 August 2008 15:33:35
> Is there any way to disable this signing mechanism?
No. It is there because this is the only way it is secure. Also the signing enables the PoP to recognize who you are and that you are really the one sending those packets. Otherwise one could spoof those packets and there would be a lot of work solving all the abuse complaints. We don't have time for that.
> As far as I know, 6in4 tunnels aren't signed anyway,
> so it shouldn't be a big deal security-wise.
They are a big deal security-wise, as these get abused on a daily basis.
> Does anybody know if an in-kernel implementation of the ayiya protocol exists?
None that are public, but it wouldn't help so much as the overhead between user-kernel space is not the biggest factor. The signing is the heavy part.
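
Added example, not part of the thread and not aiccu's own code: a simplified Python model of the per-packet shared-secret SHA-1 signing discussed above, showing how the PoP side drops packets that were not signed with the tunnel's secret. The header layout, option bytes, clock-skew window and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Simplified header (assumed): 4 option bytes, 32-bit epoch time, 16-byte identity.
HEADER = struct.Struct("!4sI16s")
SIG_LEN = hashlib.sha1().digest_size  # 20 bytes
MAX_CLOCK_SKEW = 120  # seconds; assumed replay window


def _digest(secret: bytes, header: bytes, payload: bytes) -> bytes:
    # The hash of the shared secret sits in the signature slot while the
    # whole packet is hashed, so every payload byte is hashed per packet.
    placeholder = hashlib.sha1(secret).digest()
    return hashlib.sha1(header + placeholder + payload).digest()


def sign_packet(secret: bytes, identity: bytes, payload: bytes, now: int) -> bytes:
    header = HEADER.pack(b"\x41\x52\x11\x29", now, identity)  # constructed options
    return header + _digest(secret, header, payload) + payload


def verify_packet(secrets: dict, packet: bytes, now: int) -> str:
    """PoP side: return 'ok' or the reason the packet is dropped."""
    if len(packet) < HEADER.size + SIG_LEN:
        return "truncated"
    header = packet[:HEADER.size]
    signature = packet[HEADER.size:HEADER.size + SIG_LEN]
    payload = packet[HEADER.size + SIG_LEN:]
    _opts, epoch, identity = HEADER.unpack(header)
    secret = secrets.get(identity)
    if secret is None:
        return "unknown identity"
    if abs(now - epoch) > MAX_CLOCK_SKEW:
        return "stale timestamp"
    # Constant-time comparison of the received and recomputed signatures.
    if not hmac.compare_digest(signature, _digest(secret, header, payload)):
        return "bad signature"
    return "ok"


# Constructed sample data: one tunnel endpoint and its shared secret.
ALICE = bytes.fromhex("20010db8000000000000000000000002")
SECRETS = {ALICE: b"constructed-tunnel-password"}
NOW = 1217942484

good = sign_packet(SECRETS[ALICE], ALICE, b"ipv6 packet bytes", NOW)
spoofed = sign_packet(b"guessed", ALICE, b"ipv6 packet bytes", NOW)
tampered = good[:-1] + bytes([good[-1] ^ 1])
```

Because the digest covers the full payload, the hashing work grows with tunnel throughput, which matches the CPU load described in the thread.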
AICCU tunnels CPU overhead
[gb] Shadow Hawkins on Monday, 03 November 2008 11:08:43
For comparison, aiccu with ayiya on an Athlon 2000+ XP uses between 20 and 40% cpu time running at 10M/s (Linux 2.6.25.3 on x86).
AICCU tunnels CPU overhead
[gb] Shadow Hawkins on Monday, 03 November 2008 11:09:13
Whoops, that should have read "10MB/s".
