OpenSSH performance with VIA padlock

Jan Pechanec Jan.Pechanec at Sun.COM
Wed Nov 19 03:51:30 EST 2008

On Tue, 18 Nov 2008, Jan Klod wrote:

>Hello list,
>please spend a minute considering these facts and maybe there is something to 
>1) VIA Eden based board can write AES256 encrypted information on HDD at > 
>2) iperf shows NIC speed 69MB/s
>3) openssl tests have even better results
>4) openssh can transfer AES256 encrypted information at < 27MB/s (and worse 
>with HDD encryption)
>It is better with openssh 5.x, than 4.6, but still I see no reason why results 
>are so bad... Please, could someone explain? I don't believe, padlock is used 
	after the initial key exchange, the processing of SSH packets is not 
about encryption/decryption only but also about HMAC. MD5/SHA-* are much 
faster in software than AES but if AES goes to HW and HMAC stays in SW it 
can make a significant impact on the overall numbers when compared to 
OpenSSL speed, for example.

	also, the packet (1 cipher block) length is decrypted independently 
from the rest of the packet in OpenSSH. Usually, working with small blocks 
is much slower in HW than in SW due to inherent overhead of offloading 
anything to HW. In general, the size of blocks offloaded is very important - 
your benchmark numbers might be affected by different block sizes used.

	those 2 things mentioned above might be the reason why you see 1/2 
of what you have expected.


Jan Pechanec

More information about the openssh-unix-dev mailing list