From: ARIGA Seiji
To: freebsd-net@FreeBSD.ORG
Cc: lconrad@Go2France.com, kris@FreeBSD.ORG
Subject: IPsec Performance (Re: Merge of KAME code)
References: <4.3.2.7.2.20000711174522.03075a20@mail.Go2France.com>
Message-Id: <20000713022715E.say@decoy.sfc.keio.ac.jp>
Date: Thu, 13 Jul 2000 02:27:15 +0900

Hi,

On Tue, 11 Jul 2000 15:07:22 -0700 (PDT),
Kris Kennaway wrote,

: > Has anybody benchmarked or simulated how many tunnels and bits/sec one
: > software-only FreeBSD IPsec server can support?
: My P120 can do about 2.5MBps :-)

I used to benchmark IPsec performance on the following platform with netperf.

 - PentiumIII 500MHz
 - 256MB Memory
 - Intel Ether Express Pro 100 (100Mbps)
 - FreeBSD 2.2.8
 - KAME 19990809 stable
 - connect two machines directly
 - IPv4
 - IPsec transport mode
 - ESP with 3DES-CBC
 - AH with HMAC-SHA1

And the results are about,

 TCP STREAM TEST        UDP STREAM TEST
   NONE:   60Mbps         NONE:   94Mbps
   AH:     23Mbps         AH:     30Mbps
   ESP:    11Mbps         ESP:    11Mbps
   AH+ESP:  8Mbps         AH+ESP:  9Mbps

P.S. The same tests with IPv6 produced almost the same results.

// ARIGA Seiji