From owner-freebsd-current@freebsd.org Thu Nov 12 17:56:05 2015 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2B912A2D6BF for ; Thu, 12 Nov 2015 17:56:05 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "gold.funkthat.com", Issuer "gold.funkthat.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id E4A77164E; Thu, 12 Nov 2015 17:56:04 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (localhost [127.0.0.1]) by gold.funkthat.com (8.14.5/8.14.5) with ESMTP id tACHu47j028003 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 12 Nov 2015 09:56:04 -0800 (PST) (envelope-from jmg@gold.funkthat.com) Received: (from jmg@localhost) by gold.funkthat.com (8.14.5/8.14.5/Submit) id tACHu3he028002; Thu, 12 Nov 2015 09:56:03 -0800 (PST) (envelope-from jmg) Date: Thu, 12 Nov 2015 09:56:03 -0800 From: John-Mark Gurney To: Allan Jude Cc: freebsd-current@freebsd.org Subject: Re: OpenSSH HPN Message-ID: <20151112175603.GZ65715@funkthat.com> References: <86io5a9ome.fsf@desk.des.no> <5643B3EB.1040002@FreeBSD.org> <20151112000651.GH48728@zxy.spb.ru> <5644C937.6030103@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <5644C937.6030103@freebsd.org> X-Operating-System: FreeBSD 9.1-PRERELEASE amd64 X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88 9322 9CB1 8F74 6D3F A396 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html X-TipJar: bitcoin:13Qmb6AeTgQecazTWph4XasEsP7nGRbAPE X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.5.21 (2010-09-15) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (gold.funkthat.com [127.0.0.1]); Thu, 12 Nov 2015 09:56:04 -0800 (PST) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Nov 2015 17:56:05 -0000 Allan Jude wrote this message on Thu, Nov 12, 2015 at 12:15 -0500: > On 2015-11-11 19:06, Slawa Olhovchenkov wrote: > > On Wed, Nov 11, 2015 at 01:32:27PM -0800, Bryan Drewery wrote: > > > >> On 11/10/2015 1:42 AM, Dag-Erling Smørgrav wrote: > >>> I would also like to remove the NONE cipher > >>> patch, which is also available in the port (off by default, just like in > >>> base). > >> > >> Fun fact, it's been broken in the port for several months with no > >> complaints. It was just reported and fixed upstream in the last day and > >> I wrote in a similar fix in the port. That speaks a lot about its usage > >> in the port currently. > > > > I am try using NPH/NONE with base ssh and confused: don't see > > performance rise, too complex to enable and too complex for use. > > I did a few quick (and dirty) benchmarks and it shows that the NONE > cipher definitely makes a difference. Version of OpenSSL also seems to > make a difference, as one might expect. > > Note: openssh from ports seems to link against both base and ports > libcrypto, I am still trying to make sure this isn't corrupting my > benchmark results. You don't need the aesni.ko module loaded for OpenSSL (which is how OpenSSH uses most crypto algos) to use AES-NI.. Also, do you set any sysctl's to play w/ the buffer sizes or anything? > I am still debugging my dummynet setup to be able to prove that HPN > makes a difference (but it does). Does my example on the page not work for you? > https://wiki.freebsd.org/SSHPerf -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."