Never mind.. The bottleneck doesn't seem to be encryption, more likely Interrupt Request and/or ESP Kernel handling.
Anyhow, if someone has numbers/experience with decent hardware, I would appreciate it.. Cheers, S. > On 18 Jan 2015, at 07:29, Sydney Meyer <[email protected]> wrote: > > Hello Everybody, > > what level of a performance can one expect when using AES in GCM with AESNI, > more or less? > > I am getting about 400 Mbit/s with iperf on Debian 7 (AMD64) with Linux > 3.16.7, strongSwan 5.2.1 and "ike=aes128gcm16-aesxcbc-modp1024", > "esp=aes128gcm16-modp1024" on a Intel Haswell i3 (4130T). > > ipsec statusall: > > Status of IKE charon daemon (strongSwan 5.2.1, Linux 3.16.0-0.bpo.4-amd64, > x86_64): > uptime: 9 minutes, since Jan 18 07:14:15 2015 > malloc: sbrk 540672, mmap 0, used 376912, free 163760 > worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, > scheduled: 3 > loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation > constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl > fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default > farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 > eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam > tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity > Listening IP addresses: > 192.168.140.151 > 192.168.99.1 > Connections: > net-net: 192.168.140.151...192.168.140.155 IKEv2 > net-net: local: [moon.strongswan.org] uses pre-shared key > authentication > net-net: remote: [sun.strongswan.org] uses pre-shared key authentication > net-net: child: 192.168.99.0/24 === 192.168.98.0/24 TUNNEL > Security Associations (1 up, 0 connecting): > net-net[1]: ESTABLISHED 9 minutes ago, > 192.168.140.151[moon.strongswan.org]...192.168.140.155[sun.strongswan.org] > net-net[1]: IKEv2 SPIs: 3326c285014ee25b_i* 6e19d113f6333f0b_r, > pre-shared key reauthentication in 42 minutes > net-net[1]: IKE proposal: AES_GCM_16_128/PRF_AES128_XCBC/MODP_1024 > net-net{1}: INSTALLED, TUNNEL, ESP SPIs: c30be83d_i cf78024c_o > net-net{1}: AES_GCM_16_128, 19485984 bytes_i (374603 pkts, 509s ago), > 1102162106 bytes_o (769403 pkts, 519s ago), rekeying in 5 minutes > net-net{1}: 192.168.99.0/24 === 192.168.98.0/24 _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
