[Swan] Libreswan Performance tests

Muenz, Michael m.muenz at spam-fetish.org
Mon Jan 12 12:29:18 EET 2015


Am 12.01.2015 um 10:46 schrieb Muenz, Michael:
> Am 09.01.2015 um 17:28 schrieb Paul Wouters:
>>
>> So using phase2alg=aes_gcm128-null will be interesting. It might get you
>> a little closer to 1Gbps provided you are CPU bound. If it remains at
>> 902 Mbit/s your CPU is not your limiting factor.
>>
>
> Here are my results with 9000 (1GBit IF) AES128GCM-NULL:
> ------------------------------------------------------------
> Client connecting to 10.12.11.100, TCP port 5001
> TCP window size:  416 KByte (WARNING: requested  512 KByte)
> ------------------------------------------------------------
> [  3] local 10.12.10.100 port 52361 connected with 10.12.11.100 port 5001
> [ ID] Interval       Transfer     Bandwidth
> [  3]  0.0- 1.0 sec   107 MBytes   897 Mbits/sec
> [  3]  1.0- 2.0 sec   108 MBytes   908 Mbits/sec
> [  3]  2.0- 3.0 sec   108 MBytes   909 Mbits/sec
> [  3]  3.0- 4.0 sec   108 MBytes   908 Mbits/sec
> [  3]  4.0- 5.0 sec   108 MBytes   909 Mbits/sec
> [  3]  5.0- 6.0 sec   108 MBytes   907 Mbits/sec
> [  3]  6.0- 7.0 sec   108 MBytes   908 Mbits/sec
> [  3]  7.0- 8.0 sec   108 MBytes   909 Mbits/sec
> [  3]  8.0- 9.0 sec   108 MBytes   908 Mbits/sec
> [  3]  9.0-10.0 sec   108 MBytes   909 Mbits/sec
> [  3]  0.0-10.0 sec  1.06 GBytes   907 Mbits/sec
>
>

Forget my last mail with all values for 9000, the clients had mtu 1500.
My Catalyst was not able to also route mtu 9000 so I did a crossover, 
but rebooted clients bevore.

Now here the results with 9000 and no tuning, things go bad...

Here are my results with 9000 (1GBit IF) AES128GCM-NULL:
------------------------------------------------------------
Client connecting to 10.12.11.100, TCP port 5001
TCP window size:  416 KByte (WARNING: requested  512 KByte)
------------------------------------------------------------
[  3] local 10.12.10.100 port 44873 connected with 10.12.11.100 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec  78.6 MBytes   660 Mbits/sec
[  3]  1.0- 2.0 sec  78.4 MBytes   657 Mbits/sec
[  3]  2.0- 3.0 sec  78.5 MBytes   659 Mbits/sec
[  3]  3.0- 4.0 sec  78.4 MBytes   657 Mbits/sec
[  3]  4.0- 5.0 sec  78.6 MBytes   660 Mbits/sec
[  3]  5.0- 6.0 sec  78.5 MBytes   659 Mbits/sec
[  3]  6.0- 7.0 sec  78.4 MBytes   657 Mbits/sec
[  3]  7.0- 8.0 sec  78.4 MBytes   657 Mbits/sec
[  3]  8.0- 9.0 sec  78.4 MBytes   657 Mbits/sec
[  3]  9.0-10.0 sec  78.4 MBytes   657 Mbits/sec
[  3]  0.0-10.0 sec   785 MBytes   658 Mbits/sec


Here are my results with 9000 (1GBit IF) AES256-XCBC:
------------------------------------------------------------
Client connecting to 10.12.11.100, TCP port 5001
TCP window size:  416 KByte (WARNING: requested  512 KByte)
------------------------------------------------------------
[  3] local 10.12.10.100 port 44901 connected with 10.12.11.100 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec  76.6 MBytes   643 Mbits/sec
[  3]  1.0- 2.0 sec  76.8 MBytes   644 Mbits/sec
[  3]  2.0- 3.0 sec  76.5 MBytes   642 Mbits/sec
[  3]  3.0- 4.0 sec  76.6 MBytes   643 Mbits/sec
[  3]  4.0- 5.0 sec  76.5 MBytes   642 Mbits/sec
[  3]  5.0- 6.0 sec  77.0 MBytes   646 Mbits/sec
[  3]  6.0- 7.0 sec  76.5 MBytes   642 Mbits/sec
[  3]  7.0- 8.0 sec  76.6 MBytes   643 Mbits/sec
[  3]  8.0- 9.0 sec  76.5 MBytes   642 Mbits/sec
[  3]  9.0-10.0 sec  76.5 MBytes   642 Mbits/sec
[  3]  0.0-10.0 sec   766 MBytes   643 Mbits/sec

Michael


More information about the Swan mailing list