Re: VPN performance with tunnelv
On Monday, 24 February 2003, at 18:39:08 +0100,
Ivo Marino wrote:
> Now we've connected to this networks some voice over IP phones which we
> would like to use through the VPN, the connection works and is securely
> encrypted but network performance is quite low.
>
What is "low" in this context ?. Give numbers, and then we can compare
with some other setups.
> The two endpoints are build up from Intel PII 266MHz CPUs and have almost
> 128 MBs of RAM so I actually don't think the VPN performance could be
> directly related with the hardware performance, encryption and decryption
> of the VPN data plus routing should not be a problem with this kind of
> hardware, am I right?
>
Just tried a point to point tunnel with FreeS/WAN o nmy switch-based
network. On the red corner, mighty AMD XP 1700+ and Linux kernel 2.4.20
with FreeS/WAN (extensions included) patches version 1.99-2, and kernel
compiled for AMD Athlon, and a 10/100 PCI card. On the blue corner,
a shameful Pentium classis 75 MHz, Linux kernel and FreeS/WAN patches as
before, an ISA 10 Mbps card, and kernel compiled for i386.
Using 3DES encryption with a 168 bit-long key, I get about 300 KB/s in
either way (to or from the Pentium box, not simultaneously). Changing
ESP encryption algorithm to AES128 does not seem to change a thing (and
it should, this need further investigation on my part).
As IPsec seems to be quite heavy as a protocol, and 3DES is the worst
performing algorithm know to humans ;-), I would expect you box should
perform at least five times mine, that would give more than 1.5 MB/s, or
enough to saturate a 10 Mbps Ethernet.
Check the following URL for some performance data on recent FreeS/WAN:
http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/performance.html#performance
Hope it helps.
--
Jose Luis Domingo Lopez
Linux Registered User #189436 Debian Linux Sid (Linux 2.4.20-xfsip)
Reply to: