* IPsec performance (in)dependent on ingress rate?
@ 2011-09-01 14:24 Adam Tisovsky
2011-09-05 2:26 ` Sandy Harris
0 siblings, 1 reply; 2+ messages in thread
From: Adam Tisovsky @ 2011-09-01 14:24 UTC (permalink / raw)
To: linux-crypto
Hi,
I’m doing some benchmarks of IPsec performance on Cisco router and I
have experienced the situation described below. My question is whether
anybody has performed similar tests on Linux (StrongSWAN, OpenSWAN,…)
or any other security gateway and can tell how did it behave.
When you are gradually increasing the rate of traffic to be secured
(using UDP as a transport protocol) you reach the maximum possible
throughput of the device. But when you continue increasing the rate of
ingress traffic beyond this point, the fowarding rate of device will
decrease. Example:
Max. throughput of device is 10 Mbps. If ingress traffic rate is 10
Mbps, then forwarding rate is 10 Mbps. But when ingress rate is 20
Mbps, you get forwarding rate only 5 Mbps.
I have experienced this on Cisco 1841 router with HW accelerator
DISABLED. After some investigation I foud out that more ingress
traffic utilizes main CPU more by interrupts. And interrupts go on the
expense of encryption process. Therefore the decrease of forwarding
rate. With HW accelerator enabled this situation on does not occur,
device forwards traffic at the maximum rate even if it’s overloaded by
the ingress tarffic.
I didin’t find any information dealing with this, however I find it
quite interesting. I’m also planning to do the tests on StrongSWAN and
OpenSWAN, but it takes some time. So any information will be helpful
in advance.
Thank you
Adam
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: IPsec performance (in)dependent on ingress rate?
2011-09-01 14:24 IPsec performance (in)dependent on ingress rate? Adam Tisovsky
@ 2011-09-05 2:26 ` Sandy Harris
0 siblings, 0 replies; 2+ messages in thread
From: Sandy Harris @ 2011-09-05 2:26 UTC (permalink / raw)
To: Adam Tisovsky; +Cc: linux-crypto
On Thu, Sep 1, 2011 at 10:24 PM, Adam Tisovsky <tisovsky@gmail.com> wrote:
> I’m doing some benchmarks of IPsec performance on Cisco router and I
> have experienced the situation described below. My question is whether
> anybody has performed similar tests on Linux (StrongSWAN, OpenSWAN,…)
> or any other security gateway and can tell how did it behave.
There is some info for FreeS/WAN, ancestor of the ones you mention:
http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/performance.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-09-05 2:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-09-01 14:24 IPsec performance (in)dependent on ingress rate? Adam Tisovsky
2011-09-05 2:26 ` Sandy Harris
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.