[Swan] Libreswan Performance tests
Michael Schwartzkopff
ms at sys4.de
Fri Jan 9 15:21:43 EET 2015
Am Freitag, 9. Januar 2015, 14:08:03 schrieb Muenz, Michael:
> Hey,
>
> for a small project I have 2 Nexcom NSA3150 appliances here and did some
> performance testing.
> Thought you would be interested in too.
>
> The setup is 2 boxes with a L3 Cataylst between doing the routing.
> Behind the Firewalls 2 PC's. On every system Debian 8 is installed.
> Libreswan 3.12 is installed via deb's, KLIPS used, AES256/SHA1/DH14 IKEv1.
>
> This setup will be online for the next week. If someone wants me to test
> some extra stuff, e.g. some sysctl tuning, just drop me a line.
> Throughput of over 600mibt is very impressive, cause only one CPU is
> around 50-100% and load is 0.
>
> Made a small site for collecting all the stuff, more routers to come
> ... www.routerperformance.net
>
>
> TCP tests
(...)
Nice name for a VPN appliance ;-)
I did some performance tests with a VIA Nano chip. This chip has encryption in
hardware on the CPU. And the embedded devices form VIA are a little bit
cheaper than Nexcom.
IPsec perfomance see:
https://sys4.de/en/blog/2013/09/21/ipsec-performance-eden-padlock/
I did not do such extensive testing as you. Especially with small packet (64
Byte) the performce will drop, as you have seen also.
Mit freundlichen Grüßen,
Michael Schwartzkopff
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the Swan
mailing list