From owner-freebsd-stable@FreeBSD.ORG Mon Mar 16 00:34:30 2015 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E3876545 for ; Mon, 16 Mar 2015 00:34:30 +0000 (UTC) Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [IPv6:2607:f3e0:0:1::12]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "smarthost.sentex.ca", Issuer "smarthost.sentex.ca" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id AC79BE2A for ; Mon, 16 Mar 2015 00:34:30 +0000 (UTC) Received: from [IPv6:2607:f3e0:0:4:f025:8813:7603:7e4a] (saphire3.sentex.ca [IPv6:2607:f3e0:0:4:f025:8813:7603:7e4a]) by smarthost1.sentex.ca (8.14.9/8.14.9) with ESMTP id t2G0YTKR012896 for ; Sun, 15 Mar 2015 20:34:29 -0400 (EDT) (envelope-from mike@sentex.net) Message-ID: <5506250A.2000506@sentex.net> Date: Sun, 15 Mar 2015 20:34:18 -0400 From: Mike Tancsa Organization: Sentex Communications User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: FreeBSD-STABLE Mailing List Subject: 35-40% performance drop releng9 vs releng10 openvpn Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.75 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Mar 2015 00:34:31 -0000 As part of moving from a RELENG8 based image to a RELENG9 or 10, I was doing some simple performance testing and found RELENG_9 to be quite a bit faster when generating traffic through a pcengines APU (dual core, AMD64, 2G of RAM). Both are using generic kernels blasting across an aes-128cbc tunnel, on releng9 I get # dd if=/dev/zero | nc 10.3.24.25 500 326002688 bytes transferred in 37.188139 secs (8766308 bytes/sec) vs # dd if=/dev/zero | nc 10.3.24.25 500 146982400 bytes transferred in 27.750440 secs (5296579 bytes/sec) on releng10. Both have identical pf rules, but disabling pf does not make much of a difference in speed. I havent started checking any of the default tunables. The box will be functioning as a VPN router and I was hoping to get at least 50Mb/s out of it, and I can do that on RELENG9, but not 10. Any ideas what to do with RELENG10 to get comparable performance out of it ? ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/