[strongSwan] GCM/AES-NI Performance
McCaffrey, Timothy M
Timothy.McCaffrey at unisys.com
Mon Jan 19 21:21:28 CET 2015
Sydney Meyer wrote:
>I am getting about 400 Mbit/s with iperf on Debian 7 (AMD64) with Linux 3.16.7, strongSwan 5.2.1 and "ike=aes128gcm16-aesxcbc-modp1024", "esp=aes128gcm16-modp1024" on a Intel Haswell i3 (4130T).
Performance tests I've done indicate somewhere between 25-40 Megabytes per CPU Ghz. IOW, for a i3-4130 (max 2.9 Ghz) you would
expect somewhere between 70-125 Megabytes/second.
1) Do you have hyperthreading on? Turn it off, IPsec is pretty serialized, it is better to have faster CPUs rather than more of them.
2) Use mpstat & top to determine actual CPU usage.
a) If you are pegging a CPU, perhaps there is some tuning for the NIC that may help (irq coalescing, etc).
b) If the CPU is not pegged, then perhaps you are having a TCP issue, and need to run iperf
with bigger buffers/window sizes (some tweeking Is also possible using ifconfig).
Good luck - Tim
More information about the Users
mailing list