On Mon, Apr 2, 2012 at 5:02 PM, Stuart Henderson <[email protected]> wrote:
> On 2012-04-02, Dewey Hylton <[email protected]> wrote:
>>>From: Stuart Henderson <stu <at> spacehopper.org>
>>>Subject: Re: openbsd / ipsec / hardware
>>>Newsgroups: gmane.os.openbsd.misc
>>>Date: 2012-03-31 21:39:14 GMT (1 day, 22 hours and 53 minutes ago)
>>>On 2012-03-30, Dewey Hylton <dewey.hylton <at> gmail.com> wrote:
>>>> i'm getting ready to implement a few new site-to-site vpns using
>>>> openbsd, and am on the hunt for appropriate hardware. i have several
>>>> alix (geode) and lanner (intel atom) boxes working wonderfully as
>>>> firewalls and routers, but neither type are able to provide enough
>>>> throughput when ipsec is added to their roles.
>>>>
>>>> the lanner boxes can't accept add-in cards. the alix can accept
>>>> a minipci, and i know that soekris makes a crypto accelerator (hifn?)
>>>> that may help - but i'm not sure that'll be enough oompf either.
>>>> our site-to-site link will provide up to 20Mbps, but the lanner box
>>>> is topping out at 3.3Mbps with ipsec and the alix is at 1.5Mbps.
>>>
>>>This seems a bit on the low side. How are you testing throughput?
>>
>> i'm using a simple scp of a 100MB file. scp reports its transmission
>> speed. and i'm comparing the same transmission of the same file between
>> the same two hosts with and without vpn encryption. it may not be
>> the best or most accurate measurement, but i believe it gives me the
>> information i'm looking for.
>
> Sorry, this is a horrible way to measure connection speed.
> Plain ftp would be better, but something that doesn't also measure
> disk throughput would be better still (tcpbench, iperf etc).
>
> Also if you're testing from the router itself note that results
> when testing from another machine which connects through the router
> are likely to be very different.
>
Is nc okay for this kind of measurement?
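
A memory-to-memory TCP transfer that keeps disk throughput out of the measurement, as the quoted reply asks for. This is an added example, not part of the original thread and not how tcpbench or iperf are implemented; `measure` and `_sink` are hypothetical names, and it runs both ends on loopback only so that it is self-contained (for a real test the sink and the sender would sit on hosts on either side of the VPN gateways).

```python
import socket
import threading
import time

CHUNK = 64 * 1024  # bytes per send; payload is generated in memory, never read from disk


def _sink(listener, result):
    """Accept one connection, discard everything received, and count the bytes."""
    conn, _ = listener.accept()
    total = 0
    with conn:
        while True:
            data = conn.recv(CHUNK)
            if not data:          # sender closed the connection: transfer complete
                break
            total += len(data)
    result["received"] = total


def measure(total_bytes, host="127.0.0.1"):
    """Push total_bytes of zeros over one TCP connection; return (received, Mbit/s)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    result = {}
    receiver = threading.Thread(target=_sink, args=(listener, result))
    receiver.start()

    payload = bytes(CHUNK)        # zero-filled buffer held in RAM
    sent = 0
    start = time.perf_counter()
    with socket.create_connection((host, port)) as s:
        while sent < total_bytes:
            n = min(CHUNK, total_bytes - sent)
            s.sendall(payload[:n])
            sent += n
    receiver.join()               # stop the clock only after the sink has seen EOF
    elapsed = time.perf_counter() - start
    listener.close()
    return result["received"], (result["received"] * 8) / (elapsed * 1e6)


if __name__ == "__main__":
    got, mbps = measure(100 * 1024 * 1024)  # same size as the 100MB scp test
    print(f"{got} bytes received, {mbps:.1f} Mbit/s")
```

Timing ends when the receiver has read the last byte, so data still sitting in the sender's socket buffer is not counted as delivered.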

