Polling Mode vs. Interrupt Mode

There are two methods by which TNSR can acquire new data to process for cryptographic operations and for packets on interfaces: Polling mode and Interrupt mode. TNSR uses polling mode by default.

Polling Mode

In polling mode, the CPU is kept in a tight loop constantly checking for new data to process.

This way the system is processing data as fast as it can be obtained, but at the cost of potentially consuming more power, generating more heat, and showing CPU cores involved in these operations as consuming 100% CPU at all times.

Interrupt Mode

Interrupt mode allows the hardware to signal that it has new data to process, at which time TNSR will process the new data in batches.

In some cases this can be slower at noticing new data than polling mode. However, VPP is very efficient at processing batches of data, so it can potentially be faster for certain workloads. There is a possibility of increased latency and reduced throughput, but it depends on the hardware, environment, and workload. Since interrupt mode is not constantly running CPU cores at 100% like polling mode, it can consume less power and generate less heat.


The interface drivers must fully support interrupt mode or it will not function properly. For example, packets may arrive but the driver may not generate interrupts, so the dataplane does not receive the packets.

If packets fail to pass on an interface after changing it to interrupt mode, then that interface is not capable of using interrupt mode with the current driver.

This is known to be an issue with certain interfaces such as:

  • Intel X553 10G SFP+ interfaces using the ixgbe driver

  • Intel i225 and i226 2.5G interfaces

This limitation may affect other types of interfaces as well.

Switching completely to interrupt mode requires setting asynchronous cryptographic processing and all supported interfaces to interrupt mode.

Asynchronous Cryptographic Processing

With asynchronous cryptographic processing, encrypted and decrypted packets are processed by polling for completed operations by default. This behavior can optionally be interrupt-based.

The following command configures the asynchronous cryptographic processing mode:

tnsr(config)# crypto asynchronous dispatch-mode (interrupt|polling)


Interfaces can individually be set to use interrupt or polling mode to acquire new packet data. The rx-mode command in the Interface Configuration Options controls this behavior. Polling mode is the current default behavior.

tnsr(config)# interface <name>
tnsr(config-interface)# rx-mode (interrupt|polling)

This option can be set on hardware interfaces and virtual interfaces (e.g. VPN and other tunnels), but it cannot be set on VLAN subinterfaces.


As mentioned previously, to fully transition to interrupt mode, every supported interface must be set to interrupt mode along with asynchronous cryptographic processing.

See also

See the entry for rx-mode in Interface Configuration Options for more information on how this option works on different types of interfaces.