Date:      Sun, 19 Oct 2014 00:46:00 -0700
From:      John-Mark Gurney <jmg@funkthat.com>
To:        Freddie Cash <fjwcash@gmail.com>
Cc:        Mark Martinec <Mark.Martinec+freebsd@ijs.si>, FreeBSD-Current <freebsd-current@freebsd.org>
Subject:   Re: ssh None cipher
Message-ID:  <20141019074600.GD82214@funkthat.com>
In-Reply-To: <CAOjFWZ4EndnanZ_oyMeA9bH%2BxxTZ%2BJ8mnJtTdvBjTMYvUsXr2w@mail.gmail.com>
References:  <CAOc73CCvQqwg65tt9vs54CoU1HGvV7ZxLWeQwXiSOm8UjtV50w@mail.gmail.com> <alpine.GSO.1.10.1410172242240.27826@multics.mit.edu> <5441E834.2000906@freebsd.org> <544246E8.1090001@ijs.si> <CAOjFWZ4EndnanZ_oyMeA9bH%2BxxTZ%2BJ8mnJtTdvBjTMYvUsXr2w@mail.gmail.com>

Freddie Cash wrote this message on Sat, Oct 18, 2014 at 10:21 -0700:
> On Oct 18, 2014 3:54 AM, "Mark Martinec" <Mark.Martinec+freebsd@ijs.si>
> wrote:
> >
> > If the purpose of having a none cipher is to have a fast
> > file transfer, then one should be using sysutils/bbcp
> > for that purpose. Uses ssh for authentication, and
> > opens unencrypted channel(s) for the actual data transfer.
> > It's also very fast, can use multiple TCP streams.
> 
> That's an interesting alternative to rsync, scp, and ftp, but doesn't help
> with zfs send/recv which is where the none cipher really shines.
> 
> Without the none cipher, SSH becomes the bottleneck limiting transfers to
> around 400 Mbps on a gigabit LAN. With the none cipher, the network becomes
> the bottleneck limiting transfers to around 920 Mbps on the same gigabit
> LAN.
> 
> This is between two 8-core AMD Opteron 6200 systems using igb(4) NICs.

Are you running on HEAD or possibly 10.x (I believe we have OpenSSL
1.0.x on 10.x)?  w/ modern processors w/ AES-NI and a modern version of
OpenSSL, you should be able to get much faster speeds than that...  I'm
able to get ~200MB/s over lo0 on my HEAD box on a:
CPU: AMD A10-5700 APU with Radeon(tm) HD Graphics    (3393.89-MHz K8-class CPU)

$ netstat -w 1 -I lo0
            input            lo0           output
   packets  errs idrops      bytes    packets  errs      bytes colls
     39162     0     0  207823548      39162     0  207823548     0
     26327     0     0  158674156      26327     0  158674156     0
     38254     0     0  221313096      38254     0  221313096     0
     41362     0     0  219740344      41362     0  219740344     0
     40271     0     0  213565272      40271     0  213565272     0
     37698     0     0  225447008      37698     0  225447008     0

while running:
$ ssh 0 dd if=/dev/zero >/dev/null

This is w/ no special patches to OpenSSL or ssh...

It could go twice as fast if ssh could use multiple threads to do the
encryption (the processor has 4 cores, 2 would be used for sending, 2
for receiving)...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
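
Added example, not part of the original message: a small sh script that converts `netstat -w 1` byte counts into the Mbit/s units used in the quoted figures and repeats the `ssh 0 dd` measurement once per cipher. The function names, the 1 GiB transfer size and the cipher list are assumptions; `ssh -Q cipher` shows what the local build offers.

```shell
#!/bin/sh
# Added example (not from the original message). Host "0" follows the
# message's `ssh 0`; cipher names and transfer size are assumptions.

# Mean of the input "bytes" column of `netstat -w 1 -I <if>` output, in Mbit/s.
avg_mbps() {
    awk '$1 ~ /^[0-9]+$/ && NF >= 8 { sum += $4; n++ }
         END { if (n) printf "%d\n", sum / n * 8 / 1000000; else print 0 }'
}

# Byte count and elapsed seconds to Mbit/s (elapsed < 1 is clamped to 1).
rate_mbps() {
    awk -v b="$1" -v s="$2" \
        'BEGIN { if (s < 1) s = 1; printf "%d\n", b * 8 / s / 1000000 }'
}

# Time a fixed-size stream of zeros through ssh for one cipher.
bench_cipher() {
    cipher=$1 host=$2 mib=${3:-1024}
    start=$(date +%s)
    ssh -c "$cipher" "$host" dd if=/dev/zero bs=1048576 count="$mib" \
        >/dev/null 2>&1 || return 1
    end=$(date +%s)
    printf '%-32s %s Mbit/s\n' "$cipher" \
        "$(rate_mbps $((mib * 1048576)) $((end - start)))"
}

# Sample input constructed from the netstat output quoted in the message.
sample_netstat() {
    cat <<'EOF'
            input            lo0           output
   packets  errs idrops      bytes    packets  errs      bytes colls
     39162     0     0  207823548      39162     0  207823548     0
     26327     0     0  158674156      26327     0  158674156     0
     38254     0     0  221313096      38254     0  221313096     0
     41362     0     0  219740344      41362     0  219740344     0
     40271     0     0  213565272      40271     0  213565272     0
     37698     0     0  225447008      37698     0  225447008     0
EOF
}

# Benchmark only when asked: sh bench.sh run [host]
if [ "${1:-}" = "run" ]; then
    for c in aes128-ctr aes128-gcm@openssh.com chacha20-poly1305@openssh.com; do
        bench_cipher "$c" "${2:-0}" || echo "$c: not offered or connection failed"
    done
fi
```

`sample_netstat | avg_mbps` gives the mean rate of the six samples in Mbit/s; over lo0 each byte is both sent and received by the same host, so the figure measures cipher cost rather than network capacity.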


