[Swan] Libreswan Performance tests

Muenz, Michael m.muenz at spam-fetish.org
Fri Jan 9 17:39:40 EET 2015


Am 09.01.2015 um 14:21 schrieb Michael Schwartzkopff:
> Am Freitag, 9. Januar 2015, 14:08:03 schrieb Muenz, Michael:
>> Hey,
>>
>> for a small project I have 2 Nexcom NSA3150 appliances here and did some
>> performance testing.
>> Thought you would be interested in too.
>>
>> The setup is 2 boxes with a L3 Cataylst between doing the routing.
>> Behind the Firewalls 2 PC's. On every system Debian 8 is installed.
>> Libreswan 3.12 is installed via deb's, KLIPS used, AES256/SHA1/DH14 IKEv1.
>>
>> This setup will be online for the next week. If someone wants me to test
>> some extra stuff, e.g. some sysctl tuning, just drop me a line.
>> Throughput of over 600mibt is very impressive, cause only one CPU is
>> around 50-100% and load is 0.
>>
>> Made a small site for collecting all the stuff, more routers to come
>> ...  www.routerperformance.net
>>
>>
>> TCP tests
> (...)
>
> Nice name for a VPN appliance ;-)

Indeed! :) But I believe many vendors like Sophos order their appliances 
from Nexcom.

>
> I did not do such extensive testing as you. Especially with small packet (64
> Byte) the performce will drop, as you have seen also.
>

As I tested with NETKEY before, never thought that loss rate is so huge 
with KLIPS.

KLIPS:
[ 3] Server Report:
[ 3] 0.0-10.0 sec 62.6 MBytes 52.5 Mbits/sec 0.096 ms 177915/691023 (26%)

NETKEY:
[  3] Server Report:
[  3]  0.0-10.0 sec  84.3 MBytes  70.7 Mbits/sec   0.018 ms 680/691023 
(0.098%)

Michael



More information about the Swan mailing list