Hi, I tried to run openssl with the commands provided by you. But my performance is decreasing when I use cryptodev.

I tried with a file of approx. 100 MB.
*Without HW it takes 4secs only.*
*with cryptodev it takes 3min 15 secs*

Can you please provide some inputs to improve this?

Thanks for the help.

On Fri, Jul 31, 2015 at 6:26 AM, Jan Just Keijser <janj...@nikhef.nl> wrote:

> Hi,
>
> On 30/07/15 19:04, Rahul Arora wrote:
>
> Hi
>
> Thanks for the reply.
>
> I am already using "--engine cryptodev" in the configuration file.
>
> I am using "aes-128-cbc" cipher algorithm and it is supported in my
> hardware as I am running "openssl speed test" using these ciphers only and
> in case of "openssl speed test" throughput is increasing but with openvpn
> it is not so.
>
>
> this was reported by someone on the list a few days ago as well.
> the problem is not with openvpn, but with the openssl speed command
> used: the cryptodev engine (and kernel device) do not provide a factor of
> 100+ speedup. It's the "openssl speed -evp aes-256-cbc" command that
> reports erroneous results.
> Try running this openssl command on your box:
>
>   date ; cat bigfile | openssl enc -e -aes-256-cbc -bufsize 8192 -pass pass:testing123 > /dev/null ; date
>
> where 'bigfile' is some large file of > 2 GB in size.
> Then rerun it using
>
>   date ; cat bigfile | openssl enc -engine cryptodev -e -aes-256-cbc -bufsize 8192 -pass pass:testing123 > /dev/null ; date
>
> and compare the results. On my hardware I get zero difference whether I
> use cryptodev or not, whereas 'openssl speed' reports a 100+ % improvement:
>
> with cryptodev module loaded:
>   aes-256-cbc 286337.65k 1048423.31k 4589489.60k 19596646.40k 141238272.00k
>
> without cryptodev:
>   aes-256-cbc 465276.57k 487043.33k 493990.87k 493776.90k 495720.11k
>
>
> so, apart from the fact that openvpn's speed limitations are not
> determined solely by encryption/decryption, this does prove to me that the
> cryptodev device offers little if no performance improvement.
>
> hope this clears things up,
>
> JJK
>
>
> On Thu, Jul 30, 2015 at 5:18 PM, Gert Doering <g...@greenie.muc.de> wrote:
>
>> Hi,
>>
>> On Thu, Jul 30, 2015 at 12:55:00PM +0530, Rahul Arora wrote:
>> > *Openvpn --version*
>> > OpenVPN 2.1.3 arm-fsl-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Jul 29
>> > 2015
>>
>> This is, uh, ancient. 2.3.7 is the current stable release.
>>
>> (It might or might not be related, but we're certainly not going back to 2.2
>> or even 2.1 releases to debug anything. OpenVPN *should* use the crypto
>> accelerator just fine, if OpenSSL can use it - if you need to use an
>> OpenSSL engine, tell OpenVPN with "--engine yourengine". It might not
>> make an overwhelming difference in speed if you use the wrong crypto
>> algorithms - like, your hardware accelerates 3DES and you use
>> --cipher blowfish...)
>>
>> gert
>>
>> --
>> USENET is *not* the non-clickable part of WWW!
>> // www.muc.de/~gert/
>> Gert Doering - Munich, Germany
>> g...@greenie.muc.de