performance comparison kernel patches available
The ATOMIC-2 project is announcing a SunOS 4.1.3 kernel
patch and tool set for comparing the performance of
authentication in IP.
The code includes:

    o kernel patches for various algorithms, including 'null'
      and 'data touching only', to compare algorithms and
      the overhead of header processing, etc.

    o user-level test program that uses the socket options
      provided by the kernel patch (used for testing or
      as a template)

    o scripts to gather repeated runs and process data into
      plots automatically

See the README below. The file is available on the ATOMIC-2 tools page:
http://www.isi.edu/atomic2/tools.html
Please let us know if it's helpful, and if there are any questions.
Thanks
Joe
-----------------------
************************************************************************
README
Copyright (c) 1997 University of Southern California.
All rights reserved.
Redistribution and use in source and binary forms are permitted
provided that the above copyright notice and this paragraph are
duplicated in all such forms and that any documentation, advertising
materials, and other materials related to such distribution and use
acknowledge that the software was developed by the University of
Southern California, Information Sciences Institute. The name of the
University may not be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
************************************************************************
This tarfile includes patches for testing the performance of
IPv4 Authentication Header processing, and to compare the
performance of various authentication algorithms inside an
IP implementation.
Further information can be obtained from http://www.isi.edu/atomic2/
Tarfile definition:
o SunOS 4.1.3 patchfiles to add IPv4 Authentication Headers (RFC 1826)
  contained in the following five directories:
      netinet
      os
      sun4m
      sys
      conf
definition:
No keying (to be used to stream performance only)
Various algorithms:

    MD5            As per RFC 1321.
                   (uses little-endian byte order)

    MD5-optimized  Source-code optimized version of MD5,
                   as per J. Touch, "Performance Analysis of MD5",
                   Sigcomm '95, pp. 77-86.

    NBO-MD5-opt    Network-standard byte order version of
                   MD5-optimized.

    AHA            Alternate Hash Algorithm, as suggested
                   in the above Sigcomm paper, by J. Touch.
                   (byte-order invariant)

    ROG            "Alternate Hash" (a.k.a. AH), as per
                   P. Rogaway, "Design and Analysis of Message
                   Authentication Codes," Proc. RSA Data Security
                   Conf., 1996.
                   (uses little-endian byte order)

    NBO-ROG        Network-standard byte order version of ROG.

    CKSUM          Internet checksum algorithm (used as a hash),
                   as per RFC 1071.
                   Used to measure the data-touching overheads,
                   as a 'trivial' algorithm that touches all data.

    NULL-CKSUM     Insert and delete AH headers, but perform
                   no authentication algorithm.
                   Used to measure the header processing overheads.

o 'blast' test program
The program tests end-to-end performance over TCP, UDP,
and paced UDP transfers. Blast has been modified to include
command-line options to socket options to engage the various
algorithms listed above.
Pacing is included to measure the optimal UDP throughput.
Unpaced UDP often overruns the receive buffer, resulting
in good measurements of send-side performance, but poor
measures of receive-side performance. Pacing is optimized
to estimate an upper bound on receive-side performance:
    TCP         reliable end-to-end performance
    UDP         upper-bound on send-side performance only
    UDP_PACED   upper-bound on receive-side performance only
Blast also provides a template for using the socket options
to engage the algorithms.
o 'script' test directory
Perl (v5) scripts used to gather data via blast tests,
and plot the results (using plot). It includes automatic
pacing determination.
The following is a brief summary of our conclusions:
Authentication is often viewed as an end-to-end performance bottleneck
in networks. To analyze the impact of IP Authentication Headers (AHs)
on end-to-end performance, a comparison of IP AH algorithms in IPv4 on
SunOS was completed, indicating that MD5 is 1/3 as fast as stand-alone
MD5 (in memory). Network-standard byte-order (NSBO) versions of
several hash algorithms were compared to ISI's Alternate Hash
Algorithm (AHA) which is native to any byte order [see reference
J. Touch, "Performance Analysis of MD5," Proc. ACM SIGCOMM '95,
Boston, MA, Aug. 1995, pp. 77-86]. In NSBO, Rogaway's Alternate Hash
(AH) [P. Rogaway, "Design and Analysis of Message Authentication
Codes," Proc. RSA Data Security Conf., Jan. 1996] is nearly twice the
speed of MD5. AHA is the fastest current algorithm, and is twice as
fast as AH, which is the next-fastest. This comparison is being used
to suggest alternatives to MD5 for IP-level authentication, to enable
authentication while retaining high bandwidth.
The following people have contributed to this code:

    Joe Touch        Project leader, overall architecture.
                     Optimized MD5 algorithm, AHA algorithm designs.
    Annette DeSchon  Initial blast design and implementation.
    Avneesh Sachdev  Initial version of IPv4 kernel patches
                     for MD5, MD5-OPT, and modifications to
                     blast to engage socket options.
    Darshan Jani     Final implementation of patches, blast,
                     and scripts.

Contact touch@isi.edu for more information, or contact the
ATOMIC-2 web pages (http://www.isi.edu/atomic2).
(end.)
----------------------------------------------------------------------
Joe Touch - touch@isi.edu http://www.isi.edu/~touch/
ISI / Project Leader, ATOMIC-2, LSAM http://www.isi.edu/atomic2/
USC / Research Assistant Prof. http://www.isi.edu/lsam/
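
Added example (not part of the original message or of the ATOMIC-2 code; function names are hypothetical): the CKSUM entry in the README uses the RFC 1071 Internet checksum as a data-touching baseline. This C program shows two properties that bear on that choice: the result is the same under either byte order up to a byte swap, and transposing 16-bit words leaves it unchanged, so it measures overhead but does not authenticate data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the 8 bytes of the numerical example in RFC 1071. */
static const uint8_t sample[8]  = {0x00,0x01,0xf2,0x03,0xf4,0xf5,0xf6,0xf7};
/* Same bytes with the first two 16-bit words transposed. */
static const uint8_t swapped[8] = {0xf2,0x03,0x00,0x01,0xf4,0xf5,0xf6,0xf7};

/* Exchange the two bytes of a 16-bit value. */
uint16_t swap16(uint16_t v) { return (uint16_t)(v << 8 | v >> 8); }

/* RFC 1071 checksum. big_endian selects how each byte pair is loaded into
 * a 16-bit word; an odd trailing byte is treated as padded with a zero. */
uint16_t cksum1071(const uint8_t *buf, size_t len, int big_endian)
{
    uint64_t sum = 0;
    size_t i;

    for (i = 0; i + 1 < len; i += 2)
        sum += big_endian ? (buf[i] << 8 | buf[i + 1])
                          : (buf[i + 1] << 8 | buf[i]);
    if (i < len)                       /* odd length: last byte + zero pad */
        sum += big_endian ? buf[i] << 8 : buf[i];
    while (sum >> 16)                  /* end-around carry fold */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

int main(void)
{
    uint16_t be = cksum1071(sample, sizeof sample, 1);
    uint16_t le = cksum1071(sample, sizeof sample, 0);

    printf("big-endian loads:    0x%04x\n", be);
    printf("little-endian loads: 0x%04x (byte-swapped: 0x%04x)\n",
           le, swap16(le));
    printf("words transposed:    0x%04x\n",
           cksum1071(swapped, sizeof swapped, 1));
    return 0;
}
```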