IPsec performance over UDP

To:	netdev@xxxxxxxxxxx
Subject:	IPsec performance over UDP
From:	Michael Iatrou <m.iatrou@xxxxxxxxxxx>
Date:	Tue, 10 May 2005 19:49:12 +0300
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	KMail/1.8

Hi,

I did some testing for IPsec performance over UDP. I used two identical PCs, 
connected back-to-back, with Intel Xeon 2.8GHz (SMP/SMT disabled), 512MB RAM, 
e1000 (82546EB), running Linux 2.6.11.7.  

I tested AES {128,192,256}, DES, 3DES, SHA, MD5 and various combinations of 
them for ESP and AH.

Network performance:
http://members.hellug.gr/iatrou/udp-throughput.png

CPU utilization:
http://members.hellug.gr/iatrou/udp-cpu.png

The "unexpected" result is that there is 30% idle time even if the network is 
not saturated! On the other hand, TCP seems to behave more normally:

Network performance:
http://members.hellug.gr/iatrou/tcp-throughput.png

CPU utilization:
http://members.hellug.gr/iatrou/tcp-cpu.png

Any ideas?

All tests are 100% reproducible.

Additional infos:
MTU 1500
IPsec mode: transport, using preshared keys
netperf 2.3pl1
CPU utilization from /proc/stat

-- 
 Michael Iatrou
 Electrical and Computer Engineering Dept.
 University of Patras, Greece

<Prev in Thread]	Current Thread	[Next in Thread>
IPsec performance over UDP, Michael Iatrou <= Re: IPsec performance over UDP, Rick Jones Re: IPsec performance over UDP, Michael Iatrou

Previous by Date:	Re: [RFC] TCP congestion infrastructure, Stephen Hemminger
Next by Date:	Re: RFC: PHY Abstraction Layer II, Andy Fleming
Previous by Thread:	resend: [PATCH 2.6.11.8] drivers/net/wireless/airo.c: airo WEXT and quality corrections, Dan Williams
Next by Thread:	Re: IPsec performance over UDP, Rick Jones
Indexes:	[Date] [Thread] [Top] [All Lists]