[Swan] Libreswan Performance tests

Michael Schwartzkopff ms at sys4.de
Fri Jan 9 15:21:43 EET 2015


Am Freitag, 9. Januar 2015, 14:08:03 schrieb Muenz, Michael:
> Hey,
> 
> for a small project I have 2 Nexcom NSA3150 appliances here and did some
> performance testing.
> Thought you would be interested in too.
> 
> The setup is 2 boxes with a L3 Cataylst between doing the routing.
> Behind the Firewalls 2 PC's. On every system Debian 8 is installed.
> Libreswan 3.12 is installed via deb's, KLIPS used, AES256/SHA1/DH14 IKEv1.
> 
> This setup will be online for the next week. If someone wants me to test
> some extra stuff, e.g. some sysctl tuning, just drop me a line.
> Throughput of over 600mibt is very impressive, cause only one CPU is
> around 50-100% and load is 0.
> 
> Made a small site for collecting all the stuff, more routers to come
> ...  www.routerperformance.net
> 
> 
> TCP tests
(...)

Nice name for a VPN appliance ;-)

I did some performance tests with a VIA Nano chip. This chip has encryption in 
hardware on the CPU. And the embedded devices form VIA are a little bit 
cheaper than Nexcom.

IPsec perfomance see: 
https://sys4.de/en/blog/2013/09/21/ipsec-performance-eden-padlock/

I did not do such extensive testing as you. Especially with small packet (64 
Byte) the performce will drop, as you have seen also.

Mit freundlichen Grüßen,

Michael Schwartzkopff

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


More information about the Swan mailing list