OpenSSH performance with VIA padlock
Jan Pechanec
Jan.Pechanec at Sun.COM
Wed Nov 19 03:51:30 EST 2008
On Tue, 18 Nov 2008, Jan Klod wrote:
>Hello list,
>please spend a minute considering these facts and maybe there is something to
>improve:
>
>1) VIA Eden based board can write AES256 encrypted information on HDD at >
>60MB/s
>2) iperf shows NIC speed 69MB/s
>3) openssl tests have even better results
>4) openssh can transfer AES256 encrypted information at < 27MB/s (and worse
>with HDD encryption)
>
>It is better with openssh 5.x, than 4.6, but still I see no reason why results
>are so bad... Please, could someone explain? I don't believe, padlock is used
>properly...
after the initial key exchange, the processing of SSH packets is not
about encryption/decryption only but also about HMAC. MD5/SHA-* are much
faster in software than AES but if AES goes to HW and HMAC stays in SW it
can make a significant impact on the overall numbers when compared to
OpenSSL speed, for example.
also, the packet (1 cipher block) length is decrypted independently
from the rest of the packet in OpenSSH. Usually, working with small blocks
is much slower in HW than in SW due to inherent overhead of offloading
anything to HW. In general, the size of blocks offloaded is very important -
your benchmark numbers might be affected by different block sizes used.
those 2 things mentioned above might be the reason why you see 1/2
of what you have expected.
J.
--
Jan Pechanec
More information about the openssh-unix-dev
mailing list