Charles, I did the test with the converted Bering-Contivity yesterday. I ran the VPN as AES then changed to 3DES and ran it again. AES was 6% slower. Any ideas why this would be the case?
Best Regards,
Roger McClurg
[EMAIL PROTECTED]

Charles Steinkuehler <charles @steinkuehler.net>
04/13/2004 04:13 PM

To: Roger E McClurg/CEG/[EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering 1.2 Throughput Test Results

Roger E McClurg wrote:
<snip>
> The next test was to FTP from the PC connected to the OpenBrick E to the
> PC connected to a 500 MHz P III running Bering 1.2. The transfer rate was
> only 12.67 Mb/sec. The 3DES IPSEC encryption was certainly taking its
> toll.
>
> Next we replaced both Bering machines with Nortel Contivity 1500 VPN
> devices. The Contivity is a popular VPN concentrator for small branch
> offices. It was designed specifically for the purpose of a VPN
> concentrator. Imagine our surprise when the Contivity transfer rate was
> only 4.45 Mb/sec. The Bering boxes were running weblet, shorewall,
> dnscache, dhcpd, ssh, sshd, sftp, snmp, and snmpd in addition to IPSEC,
> and yet they were almost three times faster than commercial VPN
> concentrators.

If you want to have a bit more fun, switch your IPSec links to the new AES (ipsec_aes.o) encryption algorithm. Designed to be more friendly to modern CPUs with wide registers and SIMD (Single Instruction Multiple Data) instruction sets (3DES is optimized for hardware, and doesn't translate nicely into a byte/word oriented general-purpose CPU algorithm), you should see a substantial increase in your transfer rates.

3DES is usually not much of a bottleneck (even with the 'slow' Nortel devices), as usually the upstream WAN link is substantially slower than the potential CPU throughput when compressing, but if you've got fast pipes, you'll notice a drastic difference by choosing an alternate encryption scheme.

--
Charles Steinkuehler
[EMAIL PROTECTED]