Thanks Christian Specifying the MAC you suggested makes a big jump in performance.
SSH Options: [-o Ciphers=arcfour128 -o [email protected]] 98.65026953028924143858 MB/s 94.75118186708754888342 MB/s 93.67964795503113387533 MB/s 77.35326700132979443792 MB/s SSH Options: [-o Ciphers=arcfour128] 63.50306913748638001067 MB/s 63.09124016939771183475 MB/s 61.51859822693993063534 MB/s 52.67600175573777350882 MB/s On Thu, Jul 19, 2012 at 11:51:50AM +0000, Christian Weisgerber wrote: > David Diggles <[email protected]> wrote: > > > I am looking for ways to speed up scp over 10GigE. > > With parallel transfer of 4x 8GB files, I get > > the following test results with various ciphers. > > > > These tests maxed out 4 cores with encryption overhead. > > Assuming that crypto actually is your bottleneck, here are a few > hints: > > First, use a faster MAC: -m [email protected] > > > SSH Options: [-o Cipher=arcfour] > > SSH Options: [-o Cipher=blowfish] > > These only apply to the SSH1 protocol and are ignored otherwise. > > > SSH Options: [-o Ciphers=arcfour] > > SSH Options: [-o Ciphers=blowfish-cbc] > > SSH Options: [-o Ciphers=aes256-ctr] > > SSH Options: [-o Ciphers=3des-cbc] > > There are really three interesting ciphers: aes128-ctr, aes128-cbc, > and arcfour128. > > aes128-ctr is the default and already plenty fast. > > aes128-cbc used to be the default until a security problem with the > way CBC mode is used in the SSH2 protocol was discovered. In > principle it isn't any faster than aes128-ctr, but in practice it > may be since it uses OpenSSL's optimized EVP_aes_128_cbc() function > while aes128-ctr relies on calls to the low-level AES_encrypt() > primitive. > > arcfour128 is the fastest cipher supported. (Plain "arcfour" may > be a tad faster, but has known security problems.) > > -- > Christian "naddy" Weisgerber [email protected]
