Date: Sun, 19 Oct 2014 14:01:39 -0400 From: Allan Jude <allanjude@freebsd.org> To: freebsd-current@freebsd.org Subject: Re: ssh None cipher Message-ID: <5443FC83.3030104@freebsd.org> In-Reply-To: <20141019074600.GD82214@funkthat.com> References: <CAOc73CCvQqwg65tt9vs54CoU1HGvV7ZxLWeQwXiSOm8UjtV50w@mail.gmail.com> <alpine.GSO.1.10.1410172242240.27826@multics.mit.edu> <5441E834.2000906@freebsd.org> <544246E8.1090001@ijs.si> <CAOjFWZ4EndnanZ_oyMeA9bH%2BxxTZ%2BJ8mnJtTdvBjTMYvUsXr2w@mail.gmail.com> <20141019074600.GD82214@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --A0brAQg2cPuaH5TeTODCQjLW8AHwPO2Lc Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2014-10-19 03:46, John-Mark Gurney wrote: > Freddie Cash wrote this message on Sat, Oct 18, 2014 at 10:21 -0700: >> On Oct 18, 2014 3:54 AM, "Mark Martinec" <Mark.Martinec+freebsd@ijs.si= > >> wrote: >>> >>> If the purpose of having a none cipher is to have a fast >>> file transfer, then one should be using sysutils/bbcp >>> for that purposes. Uses ssd for authentication, and >>> opens unencrypted channel(s) for the actual data transfer. >>> It's also very fast, can use multiple TCP streams. >> >> That's an interesting alternative to rsync, scp, and ftp, but doesn't = help >> with zfs send/recv which is where the none cipher really shines. >> >> Without the none cipher, SSH becomes the bottleneck limiting transfers= to >> around 400 Mbps on a gigabit LAN. With the none cipher, the network be= comes >> the bottleneck limiting transfers to around 920 Mbps on the same gigab= it >> LAN. >> >> This is between two 8-core AMD Opteron 6200 systems using igb(4) NICs.= >=20 > Are you running on HEAD or possibly 10.x (I believe we have OpenSSL > 1.0.x on 10.x)? w/ modern processors w/ AES-NI and a modern version of= > OpenSSL, you should be able to get much faster speeds than that... I'm= > able to get ~200MB/s over lo0 on my HEAD box on a: > CPU: AMD A10-5700 APU with Radeon(tm) HD Graphics (3393.89-MHz K8-cl= ass CPU) >=20 > $ netstat -w 1 -I lo0 > input lo0 output > packets errs idrops bytes packets errs bytes colls > 39162 0 0 207823548 39162 0 207823548 0 > 26327 0 0 158674156 26327 0 158674156 0 > 38254 0 0 221313096 38254 0 221313096 0 > 41362 0 0 219740344 41362 0 219740344 0 > 40271 0 0 213565272 40271 0 213565272 0 > 37698 0 0 225447008 37698 0 225447008 0 >=20 > while running: > $ ssh 0 dd if=3D/dev/zero >/dev/null >=20 > This is w/ no special patches to OpenSSL or ssh... >=20 > It could go twice as fast if ssh could use multiple threads to do the > encryption (the processor has 4 cores, 2 would be used for sending, 2 > for receiving)... >=20 There is a patch for threaded AES-CTR in the openssh-portable port. Might be worth benchmarking that. --=20 Allan Jude --A0brAQg2cPuaH5TeTODCQjLW8AHwPO2Lc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJUQ/yDAAoJEJrBFpNRJZKfhlEQAIYcx55Hh0YP8gczLTDU7ltd 5X9yTb7NQmesYY2IwkTRxC4eF04q7/t8Mh3uicM3J/uTXnr3GiGjG84BW9poIhAe kx9DxGj1BjiSjPasp2DbEZ0PJ27NVboL1mXyM0QOoLasKz9YiS9pDm9WxB5khJIQ mA9zGkbmXHd6gkrhhWwX/1iwednKaJ9W3UWT606DpuEtPkgDc776b8yQIB5OWK8H 2I3ks5GNnxC93JsR+rqnLADs/AmnmCUUWSj5rYF1VLKX/BKBqxdF+S3mPGvqTrka s9jGp1xlwPuU9dr7shIC+oYL6lEjPuB8HvESmVxRYCe/IHFa27jsV7K6WweIxO5F W5jcJSrKxpj+HyojDBJDpaiw7AGizIts6EwBqPwW4mUwIIFKGEjjH+XPL7qrzm51 Sth8ZeBhoa4EYCYd0JQN22pqzMrcjd9l5Xw0pCU0fYYLWpevumHaIc3+0dbs4iYY +i6M97ceLZ8goQSwfGEZohztiLpuE2kSoe48YHGJSYBV/1kMulQDTVlln6Jkl0SG 4Hei5q6qqTm4kLl+HTZZv3jWfQ0J6PVUS1EcER01I+M9hjtGvW4QVl5kxUv4+gs8 Inihe1MG54Ik0YgFWoyTgWYLUa56XFmlLyRC5ovgs42w+rmQk0eYtwpHe4U2N3xR d42umOHA2gAVe6EbE0dG =GWFq -----END PGP SIGNATURE----- --A0brAQg2cPuaH5TeTODCQjLW8AHwPO2Lc--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5443FC83.3030104>