[strongSwan] GCM/AES-NI Performance

Sydney Meyer syd.meyer at gmail.com
Tue Jan 20 02:48:33 CET 2015

@Timothy: Thanks, that sounds reasonable.. I read this Paper from Intel about Improving IPSec Performance with AESNI and GCM in Linux Crypto, but they've used a multi-queue NIC with Receive Side Scaling and a dedicated CPU-Core per Flow from a Six Core HT-capable Xeon. In Fact, they have shown that enabling HT can actually be beneficial, if you have multiple Tunnel and you (can) set IRQ CPU affinity. The Bottleneck here was definitely Kernel ESP-Processing and Network Stack handling.

What I probably should have mentioned earlier: I did this quick test on a Xen HVM DomU with a single, pinned CPU-Core and AESNI enabled via xen-netfront devices. So my guess would be that the ~400 MBit/s are about right for the overhead and the drawbacks (cpu0 hammered by irqs on a single queue) of a virtualized environment and your indicated average is what i would also expect from a real world implementation, so thanks again.

@Noel: Yes, I read about this here (https://www.strongswan.org/docs/Steffen_Klassert_Parallelizing_IPsec.pdf). I guess this helps if you are using e.g. AES in CBC-Mode with SHA1, but i am not sure about GCM, because of its "authenticated encryption design" (no crypto expert here:). But you surely have read this already. But nonetheless, thanks for your tip.


> On 19 Jan 2015, at 22:49, Noel Kuntze <noel at familie-kuntze.de> wrote:
> Hash: SHA256
> Hello Tim, Hello Sidney,
> As a side note: there is the pcrypt module, which is a wrapper around the encryption and authentication algorithms
> to make them parallelizable. Also, using hardware accelerated algorithms (AES with AES-NI, for example) is very good for obvious reasons.
> Mit freundlichen Grüßen/Regards,
> Noel Kuntze
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> Am 19.01.2015 um 21:21 schrieb McCaffrey, Timothy M:
>> Sydney Meyer wrote:
>>> I am getting about 400 Mbit/s with iperf on Debian 7 (AMD64) with Linux 3.16.7, strongSwan 5.2.1 and "ike=aes128gcm16-aesxcbc-modp1024", "esp=aes128gcm16-modp1024" on a Intel Haswell i3 (4130T).
>> Performance tests I've done indicate somewhere between 25-40 Megabytes per CPU Ghz.  IOW, for a i3-4130 (max 2.9 Ghz) you would
>> expect somewhere between 70-125 Megabytes/second. 
>> 1) Do you have hyperthreading on?  Turn it off, IPsec is pretty serialized, it is better to have faster CPUs rather than more of them.
>> 2) Use mpstat & top to determine actual CPU usage. 
>>    a) If you are pegging a CPU, perhaps there is some tuning for the NIC that may help (irq coalescing, etc).
>>    b) If the CPU is not pegged, then perhaps you are having a TCP issue, and need to run iperf
>>         with bigger buffers/window sizes (some tweeking Is also possible using ifconfig).
>>    Good luck - Tim
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
> Version: GnuPG v2
> RUuYejwvmvfrAYoIaUdq4+dOI8bfX5Z5ejA16+r3/vxFC9wOcnH9XgsmBrPRuvuA
> dnZ1yY9iNN0M31OyYCEkreWopcHrhF8APrr8s4W9GqstvecvhqS+2VNGvEDSglNK
> yDjGEN7nWtKG8p3ABA+AYKjN5doMFA0wFVlceUF+DpOHivRN7BgR/IM1AvOscszn
> Rc8aLUqveiApBOrbcCJTdhYqCFQOGkreZB/tuTKx54eMzpbYCYNctvlL6kwd3Lp7
> tX+547X3eRtIT/WQ3EDXT8bqwrnerPb3aC6T+L+nMfzdDeKzgJp5vNMGFnWAwDDq
> f+4BonzWNiAw8Jn7wV8CKE07DdmdWEIZQWXP6SJWF4tFc66pTFlkNRleuA/2ah74
> 7SFJTqlx+G7Ps6RrvWUNHJ4zuUzm2V2rnypXaM3bGoOXDiiE8YR5wnlYhhTqIszX
> L/yUxICsKPrJO9ZQL1iU71Mrgt95tImZq2fxUyQNPTv1VoYnQUJIW9RP47fXe0qt
> 2mWe6hxzPXG6uLzcGJzBXQ/c8aM8YXDdpd1U24A6jlP/JrZ5DqlZymKVAN7qMNEd
> kHbjSNKvVMKyYQ6uArPAyetphohNWILm46z5SGGHiOJoKqbIaiAbQ1nj/yfK8vxi
> WKzfWhj4gRT3Tpofuv6W
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

More information about the Users mailing list