Andreas Bihlmaier wrote:
On Mon, Nov 06, 2006 at 09:51:13AM -0800, Dag Richards wrote:
Andreas Bihlmaier wrote:
On Mon, Nov 06, 2006 at 09:49:07AM -0700, Darrin Chandler wrote:
Greg Mortensen wrote:
On Sun, 5 Nov 2006, Darrin Chandler wrote:
Can you say what the "irrelevant" i386 machine is? Lots of difference
between a 90MHz PentiumI and a 3GHz Opteron, and I'd like to know where
those numbers fit in.
The i386 results were sent to me off-list, so I don't know the
processor details. "It's fast" will have to suffice. To put it in
perspective, my fastest Intel systems report:
Xeon 3.00GHz
aes-128-cbc 56117.94k 59781.24k 62908.69k 63702.29k 63485.95k
Xeon 3.40GHz
aes-128-cbc 64935.33k 71725.72k 74294.15k 75431.37k 75419.89k
My fastest:
cpu0: AMD Opteron(tm) Processor 246, 1994.63 MHz
cpu1: AMD Opteron(tm) Processor 246, 1994.32 MHz
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 80713.16k 87876.85k 91431.72k 92622.31k 92688.52k
While that's *more* than fast enough for common tasks, the SBC + VIA
PadlockACE numbers you gave whip the pants off it for anything > 16 bytes.
Well, you should also consider bytes/watt :)
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192
bytes
aes-128-cbc 48246.54k 175071.41k 472434.09k 788228.58k
980033.81k
OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA Esther processor 1500MHz ("CentaurHauls" 686-class) 1.50 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2
Regards,
ahb
Those are very impressive numbers.
What are you getting through these gateways?
What is the net usable throughput client PCs on either end are able to
exchange over the VPN?
This is just home usage, all over long 100mbit lines with dirty cheap
switches (several) in between.
#ipsec.conf (extract):
#------------------------------- Makros ---------------------------------------#
quick_enc = "aes"
quick_auth = "hmac-md5" # <- sha is much more expensive
ike esp from $local_ip to $local_net peer $lan_gw \
quick auth $quick_auth \
enc $quick_enc \
psk $psk_ahb
ike esp from $local_ip to $vpn_gw peer $lan_gw \
quick auth $quick_auth \
enc $quick_enc \
psk $psk_ahb
#------------------------------------------------------------------------------#
ahblaptop <- vpn-gw <- ahb64
[snipping dmesg and iperf numbers]
Does anybody know if OpenVPN will also benefit form hardware encryption?
Regards,
Heinrich Rebehn
University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -
Phone : +49/421/218-4664
Fax : -3341
