* IPsec performance over UDP
@ 2005-05-10 16:49 Michael Iatrou
From: Michael Iatrou @ 2005-05-10 16:49 UTC (permalink / raw)
To: netdev
Hi,

I did some testing for IPsec performance over UDP. I used two identical PCs,
connected back-to-back, with Intel Xeon 2.8GHz (SMP/SMT disabled), 512MB RAM,
e1000 (82546EB), running Linux 2.6.11.7.

I tested AES {128,192,256}, DES, 3DES, SHA, MD5 and various combinations of
them for ESP and AH.

Network performance:
http://members.hellug.gr/iatrou/udp-throughput.png

CPU utilization:
http://members.hellug.gr/iatrou/udp-cpu.png

The "unexpected" result is that there is 30% idle time even if the network is
not saturated! On the other hand, TCP seems to behave more normally:

Network performance:
http://members.hellug.gr/iatrou/tcp-throughput.png

CPU utilization:
http://members.hellug.gr/iatrou/tcp-cpu.png

Any ideas?

All tests are 100% reproducible.

Additional info:
MTU 1500
IPsec mode: transport, using preshared keys
netperf 2.3pl1
CPU utilization from /proc/stat
--
Michael Iatrou
Electrical and Computer Engineering Dept.
University of Patras, Greece
* Re: IPsec performance over UDP
From: Rick Jones @ 2005-05-10 18:41 UTC (permalink / raw)
To: Michael Iatrou; +Cc: netdev
Michael Iatrou wrote:
> Hi,
>
> I did some testing for IPsec performance over UDP. I used two identical PCs,
> connected back-to-back, with Intel Xeon 2.8GHz (SMP/SMT disabled), 512MB RAM,
> e1000 (82546EB), running Linux 2.6.11.7.
>
> I tested AES {128,192,256}, DES, 3DES, SHA, MD5 and various combinations of
> them for ESP and AH.
>
> Network performance:
> http://members.hellug.gr/iatrou/udp-throughput.png
>
> CPU utilization:
> http://members.hellug.gr/iatrou/udp-cpu.png
>
> The "unexpected" result is that there is 30% idle time even if the network is
> not saturated!
Perhaps the sending side got intra-stack flow-controlled?
rick jones
* Re: IPsec performance over UDP
From: Michael Iatrou @ 2005-05-10 20:35 UTC (permalink / raw)
To: Rick Jones; +Cc: netdev
When the date was Tuesday 10 May 2005 21:41, Rick Jones wrote:
> > The "unexpected" result is that there is 30% idle time even if the
> > network is not saturated!
>
> Perhaps the sending side got intra-stack flow-controlled?
In that case, shouldn't plain IP also have the same problem (it doesn't)?
--
Michael Iatrou
Electrical and Computer Engineering Dept.
University of Patras, Greece