Optional 'test' or benchmark cipher
Iain Morgan
imorgan at nas.nasa.gov
Fri Jan 18 04:17:12 EST 2008
On Wed, Jan 16, 2008 at 17:47:02 -0800, Linda Walsh wrote:
> > What are you typically seeing for your transfer rates? What cipher/MAC
> > combination are you using and what version of OpenSSL? Also, what
> > version of OpenSSH?
> ----
> Most are under 12MB/s (which, I know, sounds like very good
> 100Mbs performance -- cept that I'm expecting Gigabit performance.
>
> Interfaces are running at 1G verified w/"ethtool" and "lights on
> the switches involved".
>
> I looped through all of the ciphers transferring a 256MB
> uncompressible (bzip2'ed) file (No compression enabled on any machine, BTW). The fastest cipher was the first tried (default) aes128-cbc. Most were
> significantly slower (~3-10X). But the fastest was 16.7MB/s, with
> the rest under 11.9 (and one ~1.1MB (unexplained slowness between 2 fastest
> machines). The win machine has 3-switches between it and the other 3 --
> they are all off the same switch.
That certainly seems a bit odd to me. Typically arcfour will give you
the best performance. And if you are using OpenSSH 4.7 on both ends, I
would suggest using umac-64 for the MAC.
A quick test yesterday with a 790MB file showed a transfer rate of
28MB/s between two hosts. One was running 4.7p1 built against a recent
version of OpenSSL. The other system was a stock RHEL 4 system, which
reduced the performance somewhat.
On another architecture, I've seen transfer rates around 60 MB/s.
You might want to run 'openssl speed' and see what numbers you are
getting. It may be that your build of OpenSSL is not optimal for some
reason.
--
Iain Morgan
More information about the openssh-unix-dev
mailing list