Network performance impact on OpenShift Container Platform 4 when configure IPsec with OVN-Kubernetes network plugin

Solution Verified - Updated -

Issue

  • While evaluating OVN-Kubernetes we also enabled IPsec to secure traffic between nodes and found that once IPsec is enabled, we only achieve about 1/4 of the throughput vs. when IPsec is actually disabled. Can you please help us understand why this is (some impact is expected but not that much).
  • We have enabled IPsec encryption for OVN following Configuring IPsec encryption. Afterwards, network bandwidth tests with iperf showed a heavy impact on the network performance.
    • Without ipsec: ~8Gbit/sec
    • With ipsec: ~2Gbit/sec

Environment

  • Red Hat OpenShift Container Platform (RHOCP) 4
  • OVN-Kubernetes

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content