On Tue, Oct 2, 2012 at 9:59 AM, Christiano F. Haesbaert <[email protected]> wrote: > Why not using tcpbench where you can actually specify the parameters > and know what is going on :). > > Play with buffer sizes and you'll see a big difference, using -u will > give you the actual PPS. >
I agree, I stopped using Iperf after tcpbench was in our tree and ready (I think it was at n2k8). Nice tool. While Iperf and tcpbench are good for testing the single- or even multi-TCP stream performance of the local test systems A and B, I wouldn't really count on them to test the real routing performance of a Device-Under-Test C in the middle. It is really hard to get meaningful max. PPS numbers, especially when you want to max out Gigabit or start playing with 10G. There will always be the limitations of the software and network stack of the test systems that will have difficulties to generate enough PPS to threaten a modern OpenBSD router (OK, IPsec is a different story...). A normal OpenBSD router does not involve any networking in userland which makes it MUCH faster than anything you can test with these tools. Of course, you can use many hosts on the A side or some "fancy" kernel-based packet generators, but this still doesn't give you any numbers because you will have to receive the packets and analyze the results somewhere on the B side... (and you simply cannot rely on "systat if" running on the OpenBSD router for that - another very basic but non-satisfying workaround would be to look at the performance counters of a managed switch in the middle). Most network and security vendors and larger data centers use these insanely expensive appliances for network performance testing that use FPGAs and customs chips to handle the load and give you accurate numbers. Many other vendors just depend on software testing, lie, round up or just make up numbers. These appliances can even test IPsec performance with thousands of simulated tunnels and/or millions of PPS and max. Mbps. We used to have an "Ixia" in my former company and it really helped to find and eliminate some bottlenecks in OpenBSD. We also tested IPsec performance on amd64, but this was before AES-NI and iked and I don't remember the numbers. Pure routing performance could go up to around 9Gbps on fast servers, but only with larger packets (1k-1.5k, not counting jumbos) because the max. PPS in OpenBSD was magically limited at this point (again, this is almost two years ago and many improvements happened afterwards). I would be very interested in getting updated numbers but I don't have access to such an appliance anymore. In summary, it is fine to run Iperf/tcpbench for getting an idea about your router performance up to a few hundred Mbps, but these numbers are not perfect and can go totally wrong when you reach Gigabit or 10G. Reyk
