Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 12 Nov 2015 09:56:03 -0800
From:      John-Mark Gurney <jmg@funkthat.com>
To:        Allan Jude <allanjude@freebsd.org>
Cc:        freebsd-current@freebsd.org
Subject:   Re: OpenSSH HPN
Message-ID:  <20151112175603.GZ65715@funkthat.com>
In-Reply-To: <5644C937.6030103@freebsd.org>
References:  <86io5a9ome.fsf@desk.des.no> <5643B3EB.1040002@FreeBSD.org> <20151112000651.GH48728@zxy.spb.ru> <5644C937.6030103@freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Allan Jude wrote this message on Thu, Nov 12, 2015 at 12:15 -0500:
> On 2015-11-11 19:06, Slawa Olhovchenkov wrote:
> > On Wed, Nov 11, 2015 at 01:32:27PM -0800, Bryan Drewery wrote:
> > 
> >> On 11/10/2015 1:42 AM, Dag-Erling Smørgrav wrote:
> >>>  I would also like to remove the NONE cipher
> >>> patch, which is also available in the port (off by default, just like in
> >>> base).
> >>
> >> Fun fact, it's been broken in the port for several months with no
> >> complaints. It was just reported and fixed upstream in the last day and
> >> I wrote in a similar fix in the port. That speaks a lot about its usage
> >> in the port currently.
> > 
> > I am try using NPH/NONE with base ssh and confused: don't see
> > performance rise, too complex to enable and too complex for use.
> 
> I did a few quick (and dirty) benchmarks and it shows that the NONE
> cipher definitely makes a difference. Version of OpenSSL also seems to
> make a difference, as one might expect.
> 
> Note: openssh from ports seems to link against both base and ports
> libcrypto, I am still trying to make sure this isn't corrupting my
> benchmark results.

You don't need the aesni.ko module loaded for OpenSSL (which is how
OpenSSH uses most crypto algos) to use AES-NI..

Also, do you set any sysctl's to play w/ the buffer sizes or anything?

> I am still debugging my dummynet setup to be able to prove that HPN
> makes a difference (but it does).

Does my example on the page not work for you?

> https://wiki.freebsd.org/SSHPerf

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151112175603.GZ65715>