[Swan] Libreswan Performance tests

Muenz, Michael m.muenz at spam-fetish.org
Fri Jan 9 15:08:03 EET 2015


Hey,

for a small project I have 2 Nexcom NSA3150 appliances here and did some 
performance testing.
Thought you would be interested in too.

The setup is 2 boxes with a L3 Cataylst between doing the routing. 
Behind the Firewalls 2 PC's. On every system Debian 8 is installed.
Libreswan 3.12 is installed via deb's, KLIPS used, AES256/SHA1/DH14 IKEv1.

This setup will be online for the next week. If someone wants me to test 
some extra stuff, e.g. some sysctl tuning, just drop me a line.
Throughput of over 600mibt is very impressive, cause only one CPU is 
around 50-100% and load is 0.

Made a small site for collecting all the stuff, more routers to come 
...  www.routerperformance.net


TCP tests


iperf -i1 -w 32k -c SRV

————————————————————
Client connecting to 10.12.11.100, TCP port 5001
TCP window size: 64.0 KByte (WARNING: requested 32.0 KByte)
————————————————————
[ 3] local 10.12.10.100 port 48890 connected with 10.12.11.100 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.0 sec 27.2 MBytes 229 Mbits/sec
[ 3] 1.0- 2.0 sec 27.4 MBytes 230 Mbits/sec
[ 3] 2.0- 3.0 sec 27.4 MBytes 230 Mbits/sec
[ 3] 3.0- 4.0 sec 27.4 MBytes 230 Mbits/sec
[ 3] 4.0- 5.0 sec 27.9 MBytes 234 Mbits/sec
[ 3] 5.0- 6.0 sec 27.8 MBytes 233 Mbits/sec
[ 3] 6.0- 7.0 sec 28.0 MBytes 235 Mbits/sec
[ 3] 7.0- 8.0 sec 27.4 MBytes 230 Mbits/sec
[ 3] 8.0- 9.0 sec 27.5 MBytes 231 Mbits/sec
[ 3] 9.0-10.0 sec 27.4 MBytes 230 Mbits/sec
[ 3] 0.0-10.0 sec 275 MBytes 231 Mbits/sec


iperf -i1 -w 512k -c SRV

————————————————————
Client connecting to 10.12.11.100, TCP port 5001
TCP window size: 416 KByte (WARNING: requested 512 KByte)
————————————————————
[ 3] local 10.12.10.100 port 48895 connected with 10.12.11.100 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.0 sec 71.8 MBytes 602 Mbits/sec
[ 3] 1.0- 2.0 sec 72.4 MBytes 607 Mbits/sec
[ 3] 2.0- 3.0 sec 72.8 MBytes 610 Mbits/sec
[ 3] 3.0- 4.0 sec 72.6 MBytes 609 Mbits/sec
[ 3] 4.0- 5.0 sec 72.9 MBytes 611 Mbits/sec
[ 3] 5.0- 6.0 sec 72.8 MBytes 610 Mbits/sec
[ 3] 6.0- 7.0 sec 72.8 MBytes 610 Mbits/sec
[ 3] 7.0- 8.0 sec 72.9 MBytes 611 Mbits/sec
[ 3] 8.0- 9.0 sec 72.6 MBytes 609 Mbits/sec
[ 3] 9.0-10.0 sec 72.8 MBytes 610 Mbits/sec
[ 3] 0.0-10.0 sec 726 MBytes 609 Mbits/sec
UDP with max. packet size (UDP bandwidth) tests


iperf -u -i1 -c SRV -b 100m

————————————————————
Client connecting to 10.12.11.100, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size: 208 KByte (default)
————————————————————
[ 3] local 10.12.10.100 port 52510 connected with 10.12.11.100 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.0 sec 12.0 MBytes 101 Mbits/sec
[ 3] 1.0- 2.0 sec 12.0 MBytes 101 Mbits/sec
[ 3] 2.0- 3.0 sec 12.0 MBytes 101 Mbits/sec
[ 3] 3.0- 4.0 sec 12.0 MBytes 101 Mbits/sec
[ 3] 4.0- 5.0 sec 12.0 MBytes 101 Mbits/sec
[ 3] 5.0- 6.0 sec 12.0 MBytes 101 Mbits/sec
[ 3] 6.0- 7.0 sec 12.0 MBytes 101 Mbits/sec
[ 3] 7.0- 8.0 sec 12.0 MBytes 101 Mbits/sec
[ 3] 8.0- 9.0 sec 12.0 MBytes 101 Mbits/sec
[ 3] 9.0-10.0 sec 12.0 MBytes 101 Mbits/sec
[ 3] 0.0-10.0 sec 120 MBytes 101 Mbits/sec
[ 3] Sent 85471 datagrams
[ 3] Server Report:
[ 3] 0.0-10.0 sec 120 MBytes 101 Mbits/sec 0.124 ms 0/85470 (0%)
[ 3] 0.0-10.0 sec 1 datagrams received out-of-order


iperf -u -i1 -c SRV -b 1000m

————————————————————
Client connecting to 10.12.11.100, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size: 208 KByte (default)
————————————————————
[ 3] local 10.12.10.100 port 56274 connected with 10.12.11.100 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.0 sec 96.9 MBytes 813 Mbits/sec
[ 3] 1.0- 2.0 sec 96.9 MBytes 813 Mbits/sec
[ 3] 2.0- 3.0 sec 97.0 MBytes 813 Mbits/sec
[ 3] 3.0- 4.0 sec 96.8 MBytes 812 Mbits/sec
[ 3] 4.0- 5.0 sec 96.9 MBytes 813 Mbits/sec
[ 3] 5.0- 6.0 sec 96.9 MBytes 813 Mbits/sec
[ 3] 6.0- 7.0 sec 96.8 MBytes 812 Mbits/sec
[ 3] 7.0- 8.0 sec 96.9 MBytes 813 Mbits/sec
[ 3] 8.0- 9.0 sec 96.9 MBytes 813 Mbits/sec
[ 3] 9.0-10.0 sec 96.9 MBytes 813 Mbits/sec
[ 3] 0.0-10.0 sec 969 MBytes 813 Mbits/sec
[ 3] Sent 691135 datagrams
[ 3] Server Report:
[ 3] 0.0-10.0 sec 782 MBytes 655 Mbits/sec 0.021 ms 133660/691134 (19%)
[ 3] 0.0-10.0 sec 1 datagrams received out-of-order
UDP with small packets for PPS measuring


iperf -l 64 -u -i1 -c SRV -b 1000m

————————————————————
Client connecting to 10.12.11.100, UDP port 5001
Sending 64 byte datagrams
UDP buffer size: 208 KByte (default)
————————————————————
[ 3] local 10.12.10.100 port 48714 connected with 10.12.11.100 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.0 sec 4.22 MBytes 35.4 Mbits/sec
[ 3] 1.0- 2.0 sec 4.22 MBytes 35.4 Mbits/sec
[ 3] 2.0- 3.0 sec 4.22 MBytes 35.4 Mbits/sec
[ 3] 3.0- 4.0 sec 4.22 MBytes 35.4 Mbits/sec
[ 3] 4.0- 5.0 sec 4.22 MBytes 35.4 Mbits/sec
[ 3] 5.0- 6.0 sec 4.22 MBytes 35.4 Mbits/sec
[ 3] 6.0- 7.0 sec 4.22 MBytes 35.4 Mbits/sec
[ 3] 7.0- 8.0 sec 4.22 MBytes 35.4 Mbits/sec
[ 3] 8.0- 9.0 sec 4.22 MBytes 35.4 Mbits/sec
[ 3] 9.0-10.0 sec 4.22 MBytes 35.4 Mbits/sec
[ 3] 0.0-10.0 sec 42.2 MBytes 35.4 Mbits/sec
[ 3] Sent 691034 datagrams
[ 3] Server Report:
[ 3] 0.0-10.0 sec 32.7 MBytes 27.5 Mbits/sec 0.081 ms 154583/691033 (22%)
[ 3] 0.0-10.0 sec 1 datagrams received out-of-order


iperf -l 128 -u -i1 -c SRV -b 1000m

————————————————————
Client connecting to 10.12.11.100, UDP port 5001
Sending 128 byte datagrams
UDP buffer size: 208 KByte (default)
————————————————————
[ 3] local 10.12.10.100 port 49532 connected with 10.12.11.100 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 1.0 sec 8.44 MBytes 70.8 Mbits/sec
[ 3] 1.0- 2.0 sec 8.44 MBytes 70.8 Mbits/sec
[ 3] 2.0- 3.0 sec 8.44 MBytes 70.8 Mbits/sec
[ 3] 3.0- 4.0 sec 8.44 MBytes 70.8 Mbits/sec
[ 3] 4.0- 5.0 sec 8.44 MBytes 70.8 Mbits/sec
[ 3] 5.0- 6.0 sec 8.44 MBytes 70.8 Mbits/sec
[ 3] 6.0- 7.0 sec 8.44 MBytes 70.8 Mbits/sec
[ 3] 7.0- 8.0 sec 8.44 MBytes 70.8 Mbits/sec
[ 3] 8.0- 9.0 sec 8.44 MBytes 70.8 Mbits/sec
[ 3] 9.0-10.0 sec 8.44 MBytes 70.8 Mbits/sec
[ 3] 0.0-10.0 sec 84.4 MBytes 70.8 Mbits/sec
[ 3] Sent 691024 datagrams
[ 3] Server Report:
[ 3] 0.0-10.0 sec 62.6 MBytes 52.5 Mbits/sec 0.096 ms 177915/691023 (26%)
[ 3] 0.0-10.0 sec 1 datagrams received out-of-order


Michael



More information about the Swan mailing list