On Tue, Dec 28, 2004 at 07:17:26PM -0800, Shekhar Kshirsagar wrote:
> I'm really puzzled with the performance results I'm getting. The
> performance drop with AH seems high, but worst is performance drop with
> null-esp in transport mode. Another strange observation is that DES
> throughput is greater than null encryption throughput.
Thanks for doing these benchmarks! I did some myself some time ago, but my
hardware isn't representative of anything (consisting of a pentium pro 200
against a P3 1GHz).
> Throughput without IPSec : 936 MBits/s ( 25% CPU Util)
> Transport mode AH - SHA1 : 398 MBits/s (100% CPU Util)
> Transport mode ESP - null/SHA1: 62 MBits/s (100% CPU Util)
> Transport mode ESP - des/SHA1 : 111 MBits/s (100% CPU Util)
> Transport mode ESP - 3des/SHA1: 54 MBits/s (100% CPU Util)
> Transport mode ESP - aes/SHA1 : 192 MBits/s (100% CPU Util)
>
> Do these numbers sound reasonable?
> (I don't have any iptable rules)
It is very easy to use oprofile these days, I suggest you profile for a bit,
should easily tell you what the culprit is. 62MBit/s sounds very low.
Good luck!
--
http://www.PowerDNS.com Open source, database driven DNS Software
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
|