Ipsec - шыфрование 3des - малая скорость трафика
Добавлено: 2015-07-19 13:27:08
Привет, кто как решает проблему с падением скорости за счет шифрования 3des?
Перегреется танк, заведу звездолёт...
https://forum.lissyara.su/
Код: Выделить всё
[Global]
Comment "Global section"
# node name (not include optional part)
NodeBase "iqn.2015-03.dom2009.com"
# files
PidFile /var/run/istgt.pid
AuthFile /usr/local/etc/istgt/auth.conf
# directories
# for removable media (virtual DVD/virtual Tape)
MediaDirectory /var/istgt
# syslog facility
LogFacility "local7"
# socket I/O timeout sec. (polling is infinity)
Timeout 30
# NOPIN sending interval sec.
NopInInterval 20
# authentication information for discovery session
DiscoveryAuthMethod Auto
#DiscoveryAuthGroup AuthGroup9999
# reserved maximum connections and sessions
# NOTE: iSCSI boot is 2 or more sessions required
MaxSessions 16
MaxConnections 4
# maximum number of sending R2T in each connection
# actual number is limited to QueueDepth and MaxCmdSN and ExpCmdSN
# 0=disabled, 1-256=improves large writing
MaxR2T 32
# iSCSI initial parameters negotiate with initiators
# NOTE: incorrect values might crash
MaxOutstandingR2T 16
DefaultTime2Wait 2
DefaultTime2Retain 60
FirstBurstLength 262144
MaxBurstLength 1048576
MaxRecvDataSegmentLength 262144
# NOTE: not supported
InitialR2T Yes
ImmediateData Yes
DataPDUInOrder Yes
DataSequenceInOrder Yes
ErrorRecoveryLevel 0
[UnitControl]
Comment "Internal Logical Unit Controller"
#AuthMethod Auto
AuthMethod CHAP Mutual
AuthGroup AuthGroup10000
# this portal is only used as controller (by istgtcontrol)
# if it's not necessary, no portal is valid
#Portal UC1 [::1]:3261
Portal UC1 127.0.0.1:3261
# accept IP netmask
#Netmask [::1]
Netmask 127.0.0.1
# You should set IPs in /etc/rc.conf for physical I/F
[PortalGroup1]
Comment "SINGLE PORT TEST"
# Portal Label(not used) IP(IPv6 or IPv4):Port
#Portal DA1 [2001:03e0:06cf:0003:021b:21ff:fe04:f405]:3260
Portal DA1 10.144.40.2:3260
# wildcard address you may need if use DHCP
# DO NOT USE WITH OTHER PORTALS
#[PortalGroup1]
# Comment "ANY IP"
# # Portal Label(not used) IP(IPv6 or IPv4):Port
# #Portal DA1 [::]:3260
# Portal DA1 0.0.0.0:3260
[InitiatorGroup1]
Comment "Initiator Group1"
# name with ! deny login/discovery
#InitiatorName "!iqn.1991-05.com.microsoft:moon"
# spetified name allow login/discovery
#InitiatorName "iqn.1991-05.com.microsoft:saturn"
# special word "ALL" match all of initiators
InitiatorName "ALL"
#Netmask 0.0.0.0/0
# TargetName, Mapping, UnitType, LUN0 are minimum required
[LogicalUnit1]
Comment "Hard Disk Sample"
# full specified iqn (same as below)
#TargetName iqn.2007-09.jp.ne.peach.istgt:disk1
# short specified non iqn (will add NodeBase)
TargetName disk1
TargetAlias "Data Disk1"
# use initiators in tag1 via portals in tag1
Mapping PortalGroup1 InitiatorGroup1
# accept both CHAP and None
AuthMethod Auto
AuthGroup AuthGroup1
#UseDigest Header Data
UseDigest Auto
UnitType Disk
# SCSI INQUIRY - Vendor(8) Product(16) Revision(4) Serial(16)
#UnitInquiry "FreeBSD" "iSCSI Disk" "0123" "10000001"
# Queuing 0=disabled, 1-255=enabled with specified depth.
#QueueDepth 32
# override global setting if need
#MaxOutstandingR2T 16
#DefaultTime2Wait 2
#DefaultTime2Retain 60
#FirstBurstLength 262144
#MaxBurstLength 1048576
#MaxRecvDataSegmentLength 262144
#InitialR2T Yes
#ImmediateData Yes
#DataPDUInOrder Yes
#DataSequenceInOrder Yes
#ErrorRecoveryLevel 0
# LogicalVolume for this unit on LUN0
# for file extent
LUN0 Storage /disk2/istgt-disk1 300GB
# for raw device extent
#LUN0 Storage /dev/ad4 Auto
# for ZFS volume extent
#LUN0 Storage /dev/zvol/tank/istgt-vol1 Auto
# override the serial of LUN0 specified with UnitInquiry
#LUN0 Option Serial "10000001"
# for 3.5inch, 7200rpm HDD
# RPM 0=not reported, 1=non-rotating(SSD), n>1024 rpm
LUN0 Option RPM 7200
# FormFactor 0=not reported, 1=5.25, 2=3.5, 3=2.5, 4=1.8, 5=less 1.8 inch
LUN0 Option FormFactor 2
# for 2.5inch, SSD
#LUN0 Option RPM 1
#LUN0 Option FormFactor 3
# for future use (enabled by default)
#LUN0 Option ReadCache Disable
# control WCE(mode page 8) and O_FSYNC/O_SYNC on the backing store (enabled by default)
#LUN0 Option WriteCache Disable
#[LogicalUnit2]
# # SCSI commands pass through to SCSI device by CAM
# Comment "Pass-through Disk Sample"
# TargetName pass-disk1
# TargetAlias "Pass Through Disk1"
# Mapping PortalGroup1 InitiatorGroup1
# AuthMethod Auto
# AuthGroup AuthGroup1
# UnitType Pass
# # DO NOT SPECIFY PARTITION, PASS-THROUGH USE ENTIRE LOGICAL UNIT
# LUN0 Device /dev/da0