Date: Sun, 19 Oct 2014 00:46:00 -0700
From: John-Mark Gurney
To: Freddie Cash
Subject: Re: ssh None cipher
Message-ID: <20141019074600.GD82214@funkthat.com>
References: <5441E834.2000906@freebsd.org> <544246E8.1090001@ijs.si>
Cc: Mark Martinec, FreeBSD-Current

Freddie Cash wrote this message on Sat, Oct 18, 2014 at 10:21 -0700:
> On Oct 18, 2014 3:54 AM, "Mark Martinec" wrote:
> >
> > If the purpose of having a none cipher is to have a fast
> > file transfer, then one should be using sysutils/bbcp
> > for that purpose. Uses ssh for authentication, and
> > opens unencrypted channel(s) for the actual data transfer.
> > It's also very fast, can use multiple TCP streams.
>
> That's an interesting alternative to rsync, scp, and ftp, but doesn't help
> with zfs send/recv which is where the none cipher really shines.
>
> Without the none cipher, SSH becomes the bottleneck limiting transfers to
> around 400 Mbps on a gigabit LAN. With the none cipher, the network becomes
> the bottleneck limiting transfers to around 920 Mbps on the same gigabit
> LAN.
>
> This is between two 8-core AMD Opteron 6200 systems using igb(4) NICs.

Are you running on HEAD or possibly 10.x (I believe we have OpenSSL 1.0.x
on 10.x)?  w/ modern processors w/ AES-NI and a modern version of OpenSSL,
you should be able to get much faster speeds than that...

I'm able to get ~200MB/s over lo0 on my HEAD box on a:
CPU: AMD A10-5700 APU with Radeon(tm) HD Graphics (3393.89-MHz K8-class CPU)

$ netstat -w 1 -I lo0
            input            lo0           output
   packets  errs idrops      bytes    packets  errs      bytes colls
     39162     0      0  207823548      39162     0  207823548     0
     26327     0      0  158674156      26327     0  158674156     0
     38254     0      0  221313096      38254     0  221313096     0
     41362     0      0  219740344      41362     0  219740344     0
     40271     0      0  213565272      40271     0  213565272     0
     37698     0      0  225447008      37698     0  225447008     0

while running:
$ ssh 0 dd if=/dev/zero >/dev/null

This is w/ no special patches to OpenSSL or ssh...

It could go twice as fast if ssh could use multiple threads to do the
encryption (the processor has 4 cores, 2 would be used for sending, 2
for receiving)...

-- 
  John-Mark Gurney                              Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."