From: Michael Iatrou
To: netdev@oss.sgi.com
Subject: IPsec performance over UDP
Date: Tue, 10 May 2005 19:49:12 +0300
Message-Id: <200505101949.12236.m.iatrou@freemail.gr>

Hi,

I did some testing for IPsec performance over UDP. I used two identical PCs,
connected back-to-back, with Intel Xeon 2.8GHz (SMP/SMT disabled), 512MB RAM,
e1000 (82546EB), running Linux 2.6.11.7. I tested AES {128,192,256}, DES,
3DES, SHA, MD5 and various combinations of them for ESP and AH.

Network performance:
http://members.hellug.gr/iatrou/udp-throughput.png

CPU utilization:
http://members.hellug.gr/iatrou/udp-cpu.png

The "unexpected" result is that there is 30% idle time even if the network is
not saturated! On the other hand, TCP seems to behave more normally:

Network performance:
http://members.hellug.gr/iatrou/tcp-throughput.png

CPU utilization:
http://members.hellug.gr/iatrou/tcp-cpu.png

Any ideas? All tests are 100% reproducible.

Additional info:

MTU 1500
IPsec mode: transport, using preshared keys
netperf 2.3pl1
CPU utilization from /proc/stat

--
Michael Iatrou
Electrical and Computer Engineering Dept.
University of Patras, Greece