From owner-freebsd-current@FreeBSD.ORG  Sun Oct 19 18:01:23 2014
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id E55E04B0
 for <freebsd-current@freebsd.org>; Sun, 19 Oct 2014 18:01:22 +0000 (UTC)
Received: from mx1.scaleengine.net (beauharnois2.bhs1.scaleengine.net
 [142.4.218.15]) by mx1.freebsd.org (Postfix) with ESMTP id A5CDA383
 for <freebsd-current@freebsd.org>; Sun, 19 Oct 2014 18:01:21 +0000 (UTC)
Received: from [192.168.1.2] (Seawolf.HML3.ScaleEngine.net [209.51.186.28])
 (Authenticated sender: allanjude.freebsd@scaleengine.com)
 by mx1.scaleengine.net (Postfix) with ESMTPSA id 1C8D3619FC
 for <freebsd-current@freebsd.org>; Sun, 19 Oct 2014 18:01:15 +0000 (UTC)
Message-ID: <5443FC83.3030104@freebsd.org>
Date: Sun, 19 Oct 2014 14:01:39 -0400
From: Allan Jude <allanjude@freebsd.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: freebsd-current@freebsd.org
Subject: Re: ssh None cipher
References: <CAOc73CCvQqwg65tt9vs54CoU1HGvV7ZxLWeQwXiSOm8UjtV50w@mail.gmail.com>
 <alpine.GSO.1.10.1410172242240.27826@multics.mit.edu>
 <5441E834.2000906@freebsd.org> <544246E8.1090001@ijs.si>
 <CAOjFWZ4EndnanZ_oyMeA9bH+xxTZ+J8mnJtTdvBjTMYvUsXr2w@mail.gmail.com>
 <20141019074600.GD82214@funkthat.com>
In-Reply-To: <20141019074600.GD82214@funkthat.com>
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="A0brAQg2cPuaH5TeTODCQjLW8AHwPO2Lc"
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Oct 2014 18:01:23 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--A0brAQg2cPuaH5TeTODCQjLW8AHwPO2Lc
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 2014-10-19 03:46, John-Mark Gurney wrote:
> Freddie Cash wrote this message on Sat, Oct 18, 2014 at 10:21 -0700:
>> On Oct 18, 2014 3:54 AM, "Mark Martinec" <Mark.Martinec+freebsd@ijs.si=
>
>> wrote:
>>>
>>> If the purpose of having a none cipher is to have a fast
>>> file transfer, then one should be using  sysutils/bbcp
>>> for that purposes. Uses ssd for authentication, and
>>> opens unencrypted channel(s) for the actual data transfer.
>>> It's also very fast, can use multiple TCP streams.
>>
>> That's an interesting alternative to rsync, scp, and ftp, but doesn't =
help
>> with zfs send/recv which is where the none cipher really shines.
>>
>> Without the none cipher, SSH becomes the bottleneck limiting transfers=
 to
>> around 400 Mbps on a gigabit LAN. With the none cipher, the network be=
comes
>> the bottleneck limiting transfers to around 920 Mbps on the same gigab=
it
>> LAN.
>>
>> This is between two 8-core AMD Opteron 6200 systems using igb(4) NICs.=

>=20
> Are you running on HEAD or possibly 10.x (I believe we have OpenSSL
> 1.0.x on 10.x)?  w/ modern processors w/ AES-NI and a modern version of=

> OpenSSL, you should be able to get much faster speeds than that...  I'm=

> able to get ~200MB/s over lo0 on my HEAD box on a:
> CPU: AMD A10-5700 APU with Radeon(tm) HD Graphics    (3393.89-MHz K8-cl=
ass CPU)
>=20
> $ netstat -w 1 -I lo0
>             input            lo0           output
>    packets  errs idrops      bytes    packets  errs      bytes colls
>      39162     0     0  207823548      39162     0  207823548     0
>      26327     0     0  158674156      26327     0  158674156     0
>      38254     0     0  221313096      38254     0  221313096     0
>      41362     0     0  219740344      41362     0  219740344     0
>      40271     0     0  213565272      40271     0  213565272     0
>      37698     0     0  225447008      37698     0  225447008     0
>=20
> while running:
> $ ssh 0 dd if=3D/dev/zero >/dev/null
>=20
> This is w/ no special patches to OpenSSL or ssh...
>=20
> It could go twice as fast if ssh could use multiple threads to do the
> encryption (the processor has 4 cores, 2 would be used for sending, 2
> for receiving)...
>=20

There is a patch for threaded AES-CTR in the openssh-portable port.
Might be worth benchmarking that.

--=20
Allan Jude


--A0brAQg2cPuaH5TeTODCQjLW8AHwPO2Lc
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJUQ/yDAAoJEJrBFpNRJZKfhlEQAIYcx55Hh0YP8gczLTDU7ltd
5X9yTb7NQmesYY2IwkTRxC4eF04q7/t8Mh3uicM3J/uTXnr3GiGjG84BW9poIhAe
kx9DxGj1BjiSjPasp2DbEZ0PJ27NVboL1mXyM0QOoLasKz9YiS9pDm9WxB5khJIQ
mA9zGkbmXHd6gkrhhWwX/1iwednKaJ9W3UWT606DpuEtPkgDc776b8yQIB5OWK8H
2I3ks5GNnxC93JsR+rqnLADs/AmnmCUUWSj5rYF1VLKX/BKBqxdF+S3mPGvqTrka
s9jGp1xlwPuU9dr7shIC+oYL6lEjPuB8HvESmVxRYCe/IHFa27jsV7K6WweIxO5F
W5jcJSrKxpj+HyojDBJDpaiw7AGizIts6EwBqPwW4mUwIIFKGEjjH+XPL7qrzm51
Sth8ZeBhoa4EYCYd0JQN22pqzMrcjd9l5Xw0pCU0fYYLWpevumHaIc3+0dbs4iYY
+i6M97ceLZ8goQSwfGEZohztiLpuE2kSoe48YHGJSYBV/1kMulQDTVlln6Jkl0SG
4Hei5q6qqTm4kLl+HTZZv3jWfQ0J6PVUS1EcER01I+M9hjtGvW4QVl5kxUv4+gs8
Inihe1MG54Ik0YgFWoyTgWYLUa56XFmlLyRC5ovgs42w+rmQk0eYtwpHe4U2N3xR
d42umOHA2gAVe6EbE0dG
=GWFq
-----END PGP SIGNATURE-----

--A0brAQg2cPuaH5TeTODCQjLW8AHwPO2Lc--