IPsec performance over UDP

I did some testing for IPsec performance over UDP. I used two identical PCs, 
connected back-to-back, with Intel Xeon 2.8GHz (SMP/SMT disabled), 512MB RAM, 
e1000 (82546EB), running Linux  

I tested AES {128,192,256}, DES, 3DES, SHA, MD5 and various combinations of 
them for ESP and AH.

Network performance:

CPU utilization:

The "unexpected" result is that there is 30% idle time even if the network is 
not saturated! On the other hand, TCP seems to behave more normally:

Network performance:

CPU utilization:

Any ideas?

All tests are 100% reproducible.

Additional infos:
MTU 1500
IPsec mode: transport, using preshared keys
netperf 2.3pl1
CPU utilization from /proc/stat

 Michael Iatrou
 Electrical and Computer Engineering Dept.
 University of Patras, Greece

