Re: transfer speed data

To: debian-user@lists.debian.org
Subject: Re: transfer speed data
From: Michael Stone <mstone@debian.org>
Date: Wed, 23 Dec 2020 10:03:04 -0500
Message-id: <[🔎] 5a652704-4529-11eb-9b6a-00163eeb5320@msgid.mathom.us>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 14ccb805-9bb5-7a06-c05e-87b71c276cbb@ardley.org>
References: <7df3d25130eb7db83436fcf4f6cfd0c0.ref@gmail.com> <[🔎] 7df3d25130eb7db83436fcf4f6cfd0c0@gmail.com> <[🔎] 532e1383-454d-0f02-dcc5-a19bb749aad0@ardley.org> <[🔎] 14ccb805-9bb5-7a06-c05e-87b71c276cbb@ardley.org>

On Wed, Dec 23, 2020 at 09:56:01AM +0800, Jeremy Ardley wrote:

Having said that, scp and ssh are affected by the encryption algorithm. The
fastest one at the moment is blowfish and it's possible to get up to 50 MB/s on
a gig lan.

That's pretty ancient advice. The fastest on most modern x86 CPUs withAES-NI instructions is aes128-gcm@openssh.com. Without AES-NI yourfastest may be chacha20-poly1305@openssh.com. The default is chacha20,which is fast enough in most cases that it doesn't matter, but worthtesting & reconfiguring in cases where it does. Blowfish isn't supportedin the latest versions of ssh, and even before it was dropped it wasmuch slower than hardware-accelerated AES. It also never got anauthenticated encryption mode IIRC, so it had additional MAC overheadthat the more modern modes do not.

The following are on a mid-range Ryzen machine running to localhost, totake the network out of the equation, and are copying a sparse 1G fileto /dev/null so there's no disk I/O; either of these algorithms willeasily max out a gigabit connection if the disks are fast enough.

scp -o Ciphers=aes128-gcm@openssh.com testfil localhost:/dev/null

testfil 100% 1024MB 864.3MB/s 00:01

scp -o Ciphers=chacha20-poly1305@openssh.com testfil localhost:/dev/null

testfil                               100% 1024MB 475.1MB/s   00:02

For comparison, here's stretch (still supported blowfish) on a much lowerpower intel CPU (i3-7100U):


$ scp -o Ciphers=chacha20-poly1305@openssh.com testfil localhost:/dev/null

testfil 100% 1024MB 167.7MB/s 00:06$ scp -o Ciphers=aes128-gcm@openssh.com testfil localhost:/dev/nulltestfil 100% 1024MB 507.5MB/s 00:02$ scp -o Ciphers=blowfish-cbc testfil localhost:/dev/nulltestfil 100% 1024MB 77.8MB/s 00:13(see how terrible blowfish is, and how the AES-NI acceleration leads toAES tremendously outperforming CHACHA20?)


here's an almost 10 year old non-AES-NI desktop cpu:

$ scp -o Ciphers=aes128-gcm@openssh.com testfil localhost:/dev/null

testfil 100% 1024MB 224.7MB/s 00:04$ scp -o Ciphers=chacha20-poly1305@openssh.com testfil localhost:/dev/nulltestfil 100% 1024MB 184.9MB/s 00:05Note that AES & CHACHA20 are much closer in performance, but AES isstill faster. Note also that either can still max out gigabit ethernet.

Reply to:

Follow-Ups:
- Re: transfer speed data
  - From: Jeremy Ardley <jeremy@ardley.org>

References:
- transfer speed data
  - From: mick crane <mick.crane@gmail.com>
- Re: transfer speed data
  - From: Jeremy Ardley <jeremy@ardley.org>
- Re: transfer speed data
  - From: Jeremy Ardley <jeremy@ardley.org>

Prev by Date: Re: Debian 8 system is not fully functional
Next by Date: Re: transfer speed data
Previous by thread: Re: transfer speed data
Next by thread: Re: transfer speed data
Index(es):
- Date
- Thread