[strongSwan] GCM/AES-NI Performance

Noel Kuntze noel at familie-kuntze.de
Mon Jan 19 22:49:41 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Tim, Hello Sidney,

As a side note: there is the pcrypt module, which is a wrapper around the encryption and authentication algorithms
to make them parallelizable. Also, using hardware accelerated algorithms (AES with AES-NI, for example) is very good for obvious reasons.

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 19.01.2015 um 21:21 schrieb McCaffrey, Timothy M:
> Sydney Meyer wrote:
>
>> I am getting about 400 Mbit/s with iperf on Debian 7 (AMD64) with Linux 3.16.7, strongSwan 5.2.1 and "ike=aes128gcm16-aesxcbc-modp1024", "esp=aes128gcm16-modp1024" on a Intel Haswell i3 (4130T).
>
>
> Performance tests I've done indicate somewhere between 25-40 Megabytes per CPU Ghz.  IOW, for a i3-4130 (max 2.9 Ghz) you would
> expect somewhere between 70-125 Megabytes/second. 
>
> 1) Do you have hyperthreading on?  Turn it off, IPsec is pretty serialized, it is better to have faster CPUs rather than more of them.
>
> 2) Use mpstat & top to determine actual CPU usage. 
>     a) If you are pegging a CPU, perhaps there is some tuning for the NIC that may help (irq coalescing, etc).
>     b) If the CPU is not pegged, then perhaps you are having a TCP issue, and need to run iperf
>          with bigger buffers/window sizes (some tweeking Is also possible using ifconfig).
>
>     Good luck - Tim
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUvXvyAAoJEDg5KY9j7GZYENoP/jMhr4qv8lzcLVDQcIZ5qGwz
RUuYejwvmvfrAYoIaUdq4+dOI8bfX5Z5ejA16+r3/vxFC9wOcnH9XgsmBrPRuvuA
dnZ1yY9iNN0M31OyYCEkreWopcHrhF8APrr8s4W9GqstvecvhqS+2VNGvEDSglNK
yDjGEN7nWtKG8p3ABA+AYKjN5doMFA0wFVlceUF+DpOHivRN7BgR/IM1AvOscszn
Rc8aLUqveiApBOrbcCJTdhYqCFQOGkreZB/tuTKx54eMzpbYCYNctvlL6kwd3Lp7
tX+547X3eRtIT/WQ3EDXT8bqwrnerPb3aC6T+L+nMfzdDeKzgJp5vNMGFnWAwDDq
f+4BonzWNiAw8Jn7wV8CKE07DdmdWEIZQWXP6SJWF4tFc66pTFlkNRleuA/2ah74
7SFJTqlx+G7Ps6RrvWUNHJ4zuUzm2V2rnypXaM3bGoOXDiiE8YR5wnlYhhTqIszX
L/yUxICsKPrJO9ZQL1iU71Mrgt95tImZq2fxUyQNPTv1VoYnQUJIW9RP47fXe0qt
2mWe6hxzPXG6uLzcGJzBXQ/c8aM8YXDdpd1U24A6jlP/JrZ5DqlZymKVAN7qMNEd
kHbjSNKvVMKyYQ6uArPAyetphohNWILm46z5SGGHiOJoKqbIaiAbQ1nj/yfK8vxi
WKzfWhj4gRT3Tpofuv6W
=BSPS
-----END PGP SIGNATURE-----




More information about the Users mailing list