From owner-freebsd-security@freebsd.org Sat Jan 23 21:23:29 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EFE0AA8F118; Sat, 23 Jan 2016 21:23:29 +0000 (UTC) (envelope-from michael+lists@burnttofu.net) Received: from burnttofu.net (burnttofu.net [IPv6:2607:fc50:1:9d00::9977]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "burnttofu.net", Issuer "burnttofu.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id C7ECC1F91; Sat, 23 Jan 2016 21:23:29 +0000 (UTC) (envelope-from michael+lists@burnttofu.net) Received: from kimberton.burnttofu.net ([IPv6:2601:643:8400:3e00::7777]) (authenticated bits=0) by burnttofu.net (8.15.2/8.14.9) with ESMTPSA id u0NLNOgi037999 (version=TLSv1.2 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 23 Jan 2016 16:23:25 -0500 (EST) (envelope-from michael+lists@burnttofu.net) Subject: Re: HPN and None options in OpenSSH To: Kevin Oberman , =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= References: <86mvrxvg79.fsf@desk.des.no> <56A2DE54.6070603@freebsd.org> <861t98e1el.fsf@desk.des.no> Cc: FreeBSD-STABLE Mailing List , FreeBSD Current , Julian Elischer , freebsd-security@freebsd.org From: Michael Sinatra X-Enigmail-Draft-Status: N1110 Message-ID: <56A3EF4C.20403@burnttofu.net> Date: Sat, 23 Jan 2016 13:23:24 -0800 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3 (burnttofu.net [IPv6:2607:fc50:1:9d00::9977]); Sat, 23 Jan 2016 16:23:26 -0500 (EST) X-Mailman-Approved-At: Sun, 24 Jan 2016 00:28:04 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Jan 2016 21:23:30 -0000 On 01/23/16 09:15, Kevin Oberman wrote: > Are you sure of this? I have not looked at the code, but my former > colleagues at the high performance research network ESnet claim at > http://fasterdata.es.net/data-transfer-tools/say-no-to-scp/ that the > internal buffers and effective window size have recently been increased > from 64KB to 1MB an allow for transfer rates of up to 140 Mbps over a link > with 53 ms. latency. With the HPN patches, they report 1.2 Gbps, making HPN > patches still significant over high latency paths. DES wrote: > The buffer code in 7.1 > supports dynamically-sized buffers with a hard limit of 128 MB. The > default window size for client sessions is 2 MB, or 1 MB if associated > with a tty. I'm not sure what the maximum size is. I'll try to do some cross-country or trans-Atlantic testing this weekend or next week, using a mix of ssh versions and HPN-patched versus not (and CentOS vs. FreeBSD vs. possibly Debian unstable with the 4.2+ kernel as yet another degree of freedom). I'll see what basic results I can get and we can update fasterdata.es.net as necessary. > That said, scp still performed poorly when compared to other technologies > (i.e. GridFTP) for bulk data transfer over high-latency high-bandwidth > links. (ESnet provides links of up to 400 Gbps between the US and Europe as > well as within the US, so this sort of thing is quite important to them.) That it is! > scp is a horrible protocol, use sftp or (preferably) rsync over ssh. I still think over ssh transport is lousy for bulk-data transfers, but it is the one thing that's generally installed by default on every OS and and is allowed by many firewalls. And, of course, it encrypts in flight. Certainly gridFTP, aspera (if you can afford it!) and other packages optimized for bulk data transfer will work better. michael ESnet