[Swan] Libreswan Performance tests

Muenz, Michael m.muenz at spam-fetish.org
Mon Jan 12 11:46:55 EET 2015


Am 09.01.2015 um 17:28 schrieb Paul Wouters:
>
> So using phase2alg=aes_gcm128-null will be interesting. It might get you
> a little closer to 1Gbps provided you are CPU bound. If it remains at
> 902 Mbit/s your CPU is not your limiting factor.
>

Here are my results with 9000 (1GBit IF) AES128GCM-NULL:
------------------------------------------------------------
Client connecting to 10.12.11.100, TCP port 5001
TCP window size:  416 KByte (WARNING: requested  512 KByte)
------------------------------------------------------------
[  3] local 10.12.10.100 port 52361 connected with 10.12.11.100 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec   107 MBytes   897 Mbits/sec
[  3]  1.0- 2.0 sec   108 MBytes   908 Mbits/sec
[  3]  2.0- 3.0 sec   108 MBytes   909 Mbits/sec
[  3]  3.0- 4.0 sec   108 MBytes   908 Mbits/sec
[  3]  4.0- 5.0 sec   108 MBytes   909 Mbits/sec
[  3]  5.0- 6.0 sec   108 MBytes   907 Mbits/sec
[  3]  6.0- 7.0 sec   108 MBytes   908 Mbits/sec
[  3]  7.0- 8.0 sec   108 MBytes   909 Mbits/sec
[  3]  8.0- 9.0 sec   108 MBytes   908 Mbits/sec
[  3]  9.0-10.0 sec   108 MBytes   909 Mbits/sec
[  3]  0.0-10.0 sec  1.06 GBytes   907 Mbits/sec

Here are my results with 1500 (1GBit IF) AES128GCM-NULL:
------------------------------------------------------------
Client connecting to 10.12.11.100, TCP port 5001
TCP window size:  416 KByte (WARNING: requested  512 KByte)
------------------------------------------------------------
[  3] local 10.12.10.100 port 36205 connected with 10.12.11.100 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec   107 MBytes   895 Mbits/sec
[  3]  1.0- 2.0 sec   108 MBytes   906 Mbits/sec
[  3]  2.0- 3.0 sec   108 MBytes   906 Mbits/sec
[  3]  3.0- 4.0 sec   108 MBytes   907 Mbits/sec
[  3]  4.0- 5.0 sec   108 MBytes   906 Mbits/sec
[  3]  5.0- 6.0 sec   108 MBytes   907 Mbits/sec
[  3]  6.0- 7.0 sec   108 MBytes   905 Mbits/sec
[  3]  7.0- 8.0 sec   108 MBytes   906 Mbits/sec
[  3]  8.0- 9.0 sec   108 MBytes   907 Mbits/sec
[  3]  9.0-10.0 sec   108 MBytes   906 Mbits/sec
[  3]  0.0-10.0 sec  1.05 GBytes   905 Mbits/sec

Here are my results with 9000 (1GBit IF) AES128-XCBC:
------------------------------------------------------------
Client connecting to 10.12.11.100, TCP port 5001
TCP window size:  416 KByte (WARNING: requested  512 KByte)
------------------------------------------------------------
[  3] local 10.12.10.100 port 52333 connected with 10.12.11.100 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec  96.6 MBytes   811 Mbits/sec
[  3]  1.0- 2.0 sec  99.9 MBytes   838 Mbits/sec
[  3]  2.0- 3.0 sec  99.0 MBytes   830 Mbits/sec
[  3]  3.0- 4.0 sec   100 MBytes   843 Mbits/sec
[  3]  4.0- 5.0 sec   100 MBytes   841 Mbits/sec
[  3]  5.0- 6.0 sec   100 MBytes   842 Mbits/sec
[  3]  6.0- 7.0 sec  99.5 MBytes   835 Mbits/sec
[  3]  7.0- 8.0 sec   102 MBytes   854 Mbits/sec
[  3]  8.0- 9.0 sec   106 MBytes   892 Mbits/sec
[  3]  9.0-10.0 sec   108 MBytes   907 Mbits/sec
[  3]  0.0-10.0 sec  1012 MBytes   849 Mbits/sec

Here are my results with 1500 (1GBit IF) AES128-XCBC:
------------------------------------------------------------
Client connecting to 10.12.11.100, TCP port 5001
TCP window size:  416 KByte (WARNING: requested  512 KByte)
------------------------------------------------------------
[  3] local 10.12.10.100 port 36233 connected with 10.12.11.100 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec   105 MBytes   881 Mbits/sec
[  3]  1.0- 2.0 sec   108 MBytes   902 Mbits/sec
[  3]  2.0- 3.0 sec   108 MBytes   902 Mbits/sec
[  3]  3.0- 4.0 sec   107 MBytes   901 Mbits/sec
[  3]  4.0- 5.0 sec   108 MBytes   902 Mbits/sec
[  3]  5.0- 6.0 sec   108 MBytes   902 Mbits/sec
[  3]  6.0- 7.0 sec   107 MBytes   901 Mbits/sec
[  3]  7.0- 8.0 sec   108 MBytes   902 Mbits/sec
[  3]  8.0- 9.0 sec   108 MBytes   904 Mbits/sec
[  3]  9.0-10.0 sec   108 MBytes   903 Mbits/sec
[  3]  0.0-10.0 sec  1.05 GBytes   900 Mbits/sec


I'll now dig into /proc and try to tune things up.

Michael



More information about the Swan mailing list