Re: [Openvpn-users] [Openvpn-devel] Openvpn is not working with hardware encryption enabled CPU.
Hi I tried to run openssl with the commands provided by you.But my performance is decreasing when i use cryptodev. I tried with file of approx 100MB. *Without HW it takes 4secs only.* *with cryptodev it takes 3min 15 secs* Can you please provide some inputs to improve this? Thanks for the help. On Fri, Jul 31, 2015 at 6:26 AM, Jan Just Keijser janj...@nikhef.nl wrote: Hi, On 30/07/15 19:04, Rahul Arora wrote: Hi Thanks for the reply. I am already using --engine cryptodev in the configuration file. I am using aes-128-cbc cipher algorithm and it is supported in my hardware as i am running openssl speed test using these ciphers only and in case of openssl speed test throughput is increasing but with openvpn it is not so. this was reported by someone on the list a few days ago as well. the problem is not with openvpn , but with the openssl speed command used: the cryptodev engine (and kernel device) do not provide a factor of 100+ speedup. It's the openssl speed -evp aes-256-cbc command that reports erroneous results. Try running this openssl command on your box: date ; cat bigfile | openssl enc -e -aes-256-cbc -bufsize 8192 -pass pass:testing123 /dev/null ; date where 'bigfile' is some large file of 2 GB in size. Then rerun it using date ; cat bigfile | openssl enc -engine cryptodev -e -aes-256-cbc -bufsize 8192 -pass pass:testing123 /dev/null ; date and compare the results. On my hardware I get zero difference whether I use cryptodev or not, whereas 'openssl speed' reports a 100+ % improvement: with cryptodev module loaded: aes-256-cbc 286337.65k 1048423.31k 4589489.60k 19596646.40k 141238272.00k without cryptodev: aes-256-cbc 465276.57k 487043.33k 493990.87k 493776.90k 495720.11k so, apart from the fact that openvpn's speed limitations are not determined solely by encryption/decryption, this does prove to me that the cryptodev device offers little if no performance improvement. hope this clears things up, JJK On Thu, Jul 30, 2015 at 5:18 PM, Gert Doering g...@greenie.muc.de wrote: Hi, On Thu, Jul 30, 2015 at 12:55:00PM +0530, Rahul Arora wrote: *Openvpn --version* OpenVPN 2.1.3 arm-fsl-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Jul 29 2015 This is, uh, ancient. 2.3.7 is the current stable release. (It might or might not related, but we're certainly not going back to 2.2 or even 2.1 releases to debug anything. OpenVPN *should* use the crypto accelerator just fine, if OpenSSL can use it - if you need to use an OpenSSL engine, tell OpenVPN with --engine yourengine. It might not make an overwhelming difference in speed if you use the wrong crypto algorithms - like, your hardware accelerates 3DES and you use --cipher blowfish...) gert -- USENET is *not* the non-clickable part of WWW! // www.muc.de/~gert/ http://www.muc.de/%7Egert/ Gert Doering - Munich, Germany g...@greenie.muc.de -- ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
[Openvpn-users] Openvpn is not working with hardware encryption enabled CPU.
Hi Team, We have a hardware encryption enabled CPU,we want to test how does its hardware encryption engine will improve Openvpn performance. We are getting outstanding improved performance in openssl, from 48 times up to 100 times in openssl encryption test with cryptodev engine supported. -- ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] [Openvpn-devel] Openvpn is not working with hardware encryption enabled CPU.
Hi Thanks for the reply. I am already using --engine cryptodev in the configuration file. I am using aes-128-cbc cipher algorithm and it is supported in my hardware as i am running openssl speed test using these ciphers only and in case of openssl speed test throughput is increasing but with openvpn it is not so. On Thu, Jul 30, 2015 at 5:18 PM, Gert Doering g...@greenie.muc.de wrote: Hi, On Thu, Jul 30, 2015 at 12:55:00PM +0530, Rahul Arora wrote: *Openvpn --version* OpenVPN 2.1.3 arm-fsl-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Jul 29 2015 This is, uh, ancient. 2.3.7 is the current stable release. (It might or might not related, but we're certainly not going back to 2.2 or even 2.1 releases to debug anything. OpenVPN *should* use the crypto accelerator just fine, if OpenSSL can use it - if you need to use an OpenSSL engine, tell OpenVPN with --engine yourengine. It might not make an overwhelming difference in speed if you use the wrong crypto algorithms - like, your hardware accelerates 3DES and you use --cipher blowfish...) gert -- USENET is *not* the non-clickable part of WWW! // www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de -- ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Openvpn is not working with hardware encryption enabled CPU.
Sorry for my last incomplete email.I sent it by mistake.Here is the complete description. We have a hardware encryption enabled CPU,we want to test how does its hardware encryption engine will improve Openvpn performance. *We are getting outstanding improved performance in openssl*, from 48 times up to 100 times in openssl encryption test with cryptodev engine supported. The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-128-cbc 12386.33k41985.48k 312989.87k 823944.53k infk Then *while running the openvpn between 2 machine's* (one for server, one for client, and both side cipher used aes-128-cbc), we can get the Openvpn tunnel working, but when we tried to use iperf to test its traffic throughput capacity, the throughput of Iperf shows only *16Mbits/sec with cryptodev hardware engine* !!!, it is *even low than without cryptodev hardware engine enabled(its around 80Mbits/sec)*. If some body knows this issue,can you please point me to the source code path where i can tweak something to improve performance with cryptodev case. I am using below versions of the sources. *OpenSSL 1.0.1g 7 Apr 2014* *Openvpn --version* OpenVPN 2.1.3 arm-fsl-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Jul 29 2015 Originally developed by James Yonan Copyright (C) 2002-2010 OpenVPN Technologies, Inc. sa...@openvpn.net *Cryptodev 1.6 version* Please feel free to revert if any information is missing. Thanks for the help. On Thu, Jul 30, 2015 at 12:33 PM, Rahul Arora rahul1991.ar...@gmail.com wrote: Hi Team, We have a hardware encryption enabled CPU,we want to test how does its hardware encryption engine will improve Openvpn performance. We are getting outstanding improved performance in openssl, from 48 times up to 100 times in openssl encryption test with cryptodev engine supported. -- ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users