Date:      Mon, 27 Oct 2014 09:35:13 -0700
From:      Freddie Cash <fjwcash@gmail.com>
To:        Mark Martinec <Mark.Martinec+freebsd@ijs.si>,  FreeBSD-Current <freebsd-current@freebsd.org>
Subject:   Re: ssh None cipher
Message-ID:  <CAOjFWZ5GWGhyo8wrC2NhAHxZR1cCcXMbO9PGdDh3nYfu-ha6XQ@mail.gmail.com>
In-Reply-To: <CAOjFWZ4-CNxeEr=y1KA9z75ktNZVasn7zXXCszqPoCZFmtWOWw@mail.gmail.com>
References:  <CAOc73CCvQqwg65tt9vs54CoU1HGvV7ZxLWeQwXiSOm8UjtV50w@mail.gmail.com> <alpine.GSO.1.10.1410172242240.27826@multics.mit.edu> <5441E834.2000906@freebsd.org> <544246E8.1090001@ijs.si> <CAOjFWZ4EndnanZ_oyMeA9bH%2BxxTZ%2BJ8mnJtTdvBjTMYvUsXr2w@mail.gmail.com> <20141019074600.GD82214@funkthat.com> <CAOjFWZ4-CNxeEr=y1KA9z75ktNZVasn7zXXCszqPoCZFmtWOWw@mail.gmail.com>

On Sun, Oct 19, 2014 at 10:35 AM, Freddie Cash <fjwcash@gmail.com> wrote:

> On Oct 19, 2014 12:46 AM, "John-Mark Gurney" <jmg@funkthat.com> wrote:
> >
> > Freddie Cash wrote this message on Sat, Oct 18, 2014 at 10:21 -0700:
> > > On Oct 18, 2014 3:54 AM, "Mark Martinec" <Mark.Martinec+freebsd@ijs.si>
> > > wrote:
> > > >
> > > > If the purpose of having a none cipher is to have a fast
> > > > file transfer, then one should be using sysutils/bbcp
> > > > for that purpose. Uses ssh for authentication, and
> > > > opens unencrypted channel(s) for the actual data transfer.
> > > > It's also very fast, can use multiple TCP streams.
> > >
> > > That's an interesting alternative to rsync, scp, and ftp, but doesn't help
> > > with zfs send/recv which is where the none cipher really shines.
> > >
> > > Without the none cipher, SSH becomes the bottleneck limiting transfers to
> > > around 400 Mbps on a gigabit LAN. With the none cipher, the network becomes
> > > the bottleneck limiting transfers to around 920 Mbps on the same gigabit
> > > LAN.
> > >
> > > This is between two 8-core AMD Opteron 6200 systems using igb(4) NICs.
> >
> > Are you running on HEAD or possibly 10.x (I believe we have OpenSSL
> > 1.0.x on 10.x)?
>
> Nope, 9.2. And I don't think the 6200 series Opterons have AES-NI.
>
Correction, the AMD Opteron 6200-series of CPUs do support AES-NI.
However, these storage boxes use AMD Opteron 6128 CPUs.  :(  They do not
support AES-NI.

AES-based ciphers are extremely slow on these systems; the multithreaded
AES-based ciphers are better, but nowhere near what the NONE cipher
provides.  :)

sysutils/bbcp is interesting as an alternative, but it's a lot more complex
than just enabling NONE in OpenSSH.

-- 
Freddie Cash
fjwcash@gmail.com


