RE: [pfSense Support] PFsense as PN server

Sat, 22 Oct 2005 12:01:57 -0700 

These numbers compare don't they.

Opteron: 814 connections per sec.
Vpn 1411: 24 to 70 connections/sec using 1024 bits


opteron.
                   sign    verify    sign/s verify/s
rsa 1024 bits 0.001227s 0.000067s    814.7  14917.9 


vpn1411

Public Key, RSA, DSA, SSL, IKE and DH, 24 to 70 connections/sec using
1024 bit keys

Or maybe I can't read the numbers correctly.

Would love to see some real world stats from vpn 1411 I know some
thoughput tests where done on monowall and pfsense sometime ago with vpn
cards on wrap board. But this is a CPU bound environment.

Can anyone else decipher these numbers better, I am confused a little
bu=y them.


> -----Original Message-----
> From: Rainer Duffner [mailto:[EMAIL PROTECTED]
> Sent: 22 October 2005 18:56
> To: [email protected]
> Subject: Re: [pfSense Support] PFsense as PN server
> 
> alan walters wrote:
> 
> >Your aren't going to terminate the ssl connections  on
> >The firewall ??? what benefit would ssl accelerators provide.
> >
> >We are planning something similar at the moment. My present thoughts
are
> to use opteron processors on the vpn servers. And run pfsense on that
> hardware.
> >
> >
> 
> 
> This is from a (almost idle) IBM LS20 2.0 GHz Dual Core Dual Opteron
> Blade, 1 MB Cache (RHEL4-AMD64 - FreeBSD's non-existant FC-failover
> support doesn't let me any choice here - but the numbers should be in
> the right ballpark):
> ===================
> OpenSSL 0.9.7a Feb 19 2003
> built on: Thu Oct  6 13:41:39 EDT 2005
> options:bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int)
> aes(partial) blowfish(ptr2)
> compiler: gcc -fPIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
> -DHAVE_DLFCN_H -DKRB5_MIT -DOPENSSL_NO_IDEA -DOPENSSL_NO_MDC2
> -DOPENSSL_NO_RC5 -DOPENSSL_NO_EC -I/usr/kerberos/include -DL_ENDIAN
> -DTERMIO -Wall -DMD32_REG_T=int -O2 -g -pipe -m64 -Wa,--noexecstack
> available timing options: TIMES TIMEB HZ=100 [sysconf value]
> timing function used: times
> The 'numbers' are in 1000s of bytes per second processed.
> type             16 bytes     64 bytes    256 bytes   1024 bytes
8192
> bytes
> md2               1503.10k     3152.55k     4339.11k     4795.39k
> 4909.74k
> mdc2                 0.00         0.00         0.00         0.00
> 0.00
> md4              18619.34k    62840.47k   176072.53k   320213.67k
> 420093.95k
> md5              14716.69k    46055.30k   119688.87k   199830.19k
> 247160.83k
> hmac(md5)         7761.32k    27257.24k    82330.28k   165962.41k
> 237734.57k
> sha1             16178.74k    45727.10k    96874.41k   134190.42k
> 151379.97k
> rmd160           12130.01k    33528.32k    69918.21k    95937.88k
> 107672.92k
> rc4             144444.90k   150359.64k   155039.57k   156210.52k
> 157245.58k
> des cbc          39090.10k    41027.39k    41519.02k    41678.51k
> 41746.43k
> des ede3         15552.41k    15824.92k    15924.82k    15949.48k
> 15840.60k
> idea cbc             0.00         0.00         0.00         0.00
> 0.00
> rc2 cbc          20894.13k    21729.26k    21868.46k    21910.19k
> 21970.94k
> rc5-32/12 cbc        0.00         0.00         0.00         0.00
> 0.00
> blowfish cbc     69273.69k    73876.35k    74984.45k    75436.71k
> 75603.97k
> cast cbc         53019.16k    55266.71k    55873.37k    56158.89k
> 56620.37k
> aes-128 cbc      87868.44k    91959.89k    93882.28k    94908.76k
> 95016.28k
> aes-192 cbc      79097.22k    82687.49k    83933.44k    84250.28k
> 84339.37k
> aes-256 cbc      71791.63k    74495.49k    75358.04k    75094.36k
> 75216.21k
>                   sign    verify    sign/s verify/s
> rsa  512 bits 0.000328s 0.000027s   3050.5  37659.1
> rsa 1024 bits 0.001227s 0.000067s    814.7  14917.9
> rsa 2048 bits 0.006821s 0.000199s    146.6   5023.8
> rsa 4096 bits 0.044185s 0.000682s     22.6   1466.6
>                   sign    verify    sign/s verify/s
> dsa  512 bits 0.000208s 0.000242s   4810.4   4139.8
> dsa 1024 bits 0.000565s 0.000668s   1771.0   1496.3
> dsa 2048 bits 0.001803s 0.002181s    554.8    458.5
> ========================
> 
> I assume that's also what you could get from e.g. a SunFire X4100 (do
> the SAS-drives work with FreeBSD?).
> 
> 
> Soekris says:
> http://www.soekris.com/vpn1401.htm
> "Authentication, SHA-1 and MD5 at 325 to 360 Mbps" -
> In light of these numbers, that would be pretty good, wouldn't it?
> 
> Their upcoming vpn1461 reads even better:
> http://www.soekris.com/vpn1461.htm
> 
> 
> But we'll see when it ships (and when drivers for FreeBSD ship...)
> 
> 
> 
> 
> cheers,
> Rainer
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to