[strongSwan] AWS Parallelisation
Nicolas Fitton
NF at post-quantum.com
Mon Jun 26 18:58:45 CEST 2017
Hi All,
I’ve setup strongSwan on two AWS instances (London & North Virginia) and after running some tests I’ve found that parallelisation does not seem to significantly speed up the broadcast rate, here are my test specs:
The test:
Run iperf tests to see the bandwidth
To make sure you’re not throttled by iperf, run with up to 10 threads (so one test with 1 thread, one test with two threads and so on).
Run each iperf test for 60 seconds at a packet size of 1500
Run this test for standard packets (no VPN), standard strongSwan (VPN from Private IP to Private IP no parallelisation) and parallel strongSwan (VPN from Private IP to Private IP with parallelisation).
Parallelisation is induced with crconf as described in the strongSwan parallelisation page (modprobe crypt and then crconf add driver "pcrypt(authenc(hmac(sha256),cbc(aes)))" type 3).
Run these tests for two sizes of instances (by this I mean run tests between two of the same size):
1. t2.medium (2 cores)
2. c4.8xlarge (36 cores)
The results were then logged in this spreadsheet: https://docs.google.com/spreadsheets/d/1bgLkkzabw93hUK86gRdWqHfxn0YaE5S2l6DW36VaO3o/edit?usp=sharing
As you can see from the spreadsheet, there seems to be no reason to use parallel strongSwan on AWS servers, is this an issue with AWS (as when I’ve run these tests locally parallelisation is significantly faster) or is it a problem with the version of strongSwan I’m using (strongSwan U5.5.2/K4.4.0-1020-aws)
Any advice is greatly appreciated and I’m happy to add extra information to this thread tomorrow (I’m on BST).
Kind Regards
Nicholas Fitton
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170626/ff4bab33/attachment.html>
More information about the Users
mailing list