[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ipsec] IPSec performance implications / some results
At 14:37 13.07.2004 +0100, you wrote:
>This is with response to Mathias' post about any quantitative work done in
>the performance area. I would like to share some results that I have
>obtained very recently for some tests I carried out using IPSec on the
>Win2k platform.
>
>----------------------------------------------------------
>Here are the results. There are some interesting figures which I wish to
>seek some help for.
>
>IPSec Processing (kbps)
>
>Encryption Authentication Software supported Hardware
>supported Gain(%)
>DES 64-bit SHA-1
>160-bit 3154.88 3568.83 13.12
>DES 64-bit MD5
>128-bit 2635.37 2978.04 13.00
>3DES 192-bit SHA-1
>160-bit 2348.47 2548.60 8.52
>3DES 192-bit MD5
>128-bit 2543.63 2668.04 4.89
>
>Average improvement (due to dedicated hardware) 9.88
>----------------------------------------------------------
>
>It is interesting to note that MD5 is faster than SHA-1 when used with
>3DES but not when used with single DES? Comments welcome!
>
>
>Siraj
Yes, some comments.
First of all, the use of dedicated hardware may or even may not boost the
performance, in turns
of throughput. But. Even if it does not make the throughput faster in your
special test setup,
it does not mean that it's useless. It may as well be that your CPU load is
at 100% with
the encryption done in software and at 40% when done with hardware. That
means that the
CPU has left some processing power to do actual work in a server.
To simulate server load, you might want to burn some fixed CPU time per IP
packet,
in a seperate thread or process.
I don't like your numbers, because you don't state the speed with no
encryption at all.
You don't say how many times you tried. Standard deviation?
The speed difference is odd, as you have noticed, but I can't comment if
you don't say
how often you did the test.
I'd also like to point out that ESP uses 96 bit authentication, with both
SHA-1 and MD5,
not 128 and 160 bit as you write.
Jörn Sierwald
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec