netdev
[Top] [All Lists]

IPsec performance over UDP

To: netdev@xxxxxxxxxxx
Subject: IPsec performance over UDP
From: Michael Iatrou <m.iatrou@xxxxxxxxxxx>
Date: Tue, 10 May 2005 19:49:12 +0300
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: KMail/1.8
Hi,

I did some testing for IPsec performance over UDP. I used two identical PCs, 
connected back-to-back, with Intel Xeon 2.8GHz (SMP/SMT disabled), 512MB RAM, 
e1000 (82546EB), running Linux 2.6.11.7.  

I tested AES {128,192,256}, DES, 3DES, SHA, MD5 and various combinations of 
them for ESP and AH.

Network performance:
http://members.hellug.gr/iatrou/udp-throughput.png

CPU utilization:
http://members.hellug.gr/iatrou/udp-cpu.png

The "unexpected" result is that there is 30% idle time even if the network is 
not saturated! On the other hand, TCP seems to behave more normally:

Network performance:
http://members.hellug.gr/iatrou/tcp-throughput.png

CPU utilization:
http://members.hellug.gr/iatrou/tcp-cpu.png

Any ideas?

All tests are 100% reproducible.

Additional infos:
MTU 1500
IPsec mode: transport, using preshared keys
netperf 2.3pl1
CPU utilization from /proc/stat

-- 
 Michael Iatrou
 Electrical and Computer Engineering Dept.
 University of Patras, Greece

<Prev in Thread] Current Thread [Next in Thread>