On Thu, Nov 7, 2013 at 8:51 AM, Vick Khera <vi...@khera.org> wrote:
> I'm thinking it is either zero gain, or negative gain. On pfSense
> 2.1-RELEASE (aka FreeBSD 8.3 with OpenSSL 1.0.1e) we see:
>

Hm. So reading more, I learn that AES-NI will only be used with -evp on openssl, and openvpn uses evp by default. So I re-run my tests. CLEARLY it is killer fast for larger blocks. Doesn't seem like you need to specify engine cryptodev to openssl at all.

I think I will see about configuring my openvpn tunnels to use larger MSS and not fragment internally...

Before loading aesni into kernel:

/usr/local/bin/openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 54635117 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 14089042 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 256 size blocks: 3617963 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 1024 size blocks: 907220 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 113504 aes-256-cbc's in 3.00s
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Aug 26 08:47:16 EDT 2013
options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall -O2 -pipe -fno-strict-aliasing -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     291387.29k   300566.23k   308732.84k   309664.43k   309941.59k

/usr/local/bin/openssl speed -evp aes-256-cbc -engine cryptodev
engine "cryptodev" set.
Doing aes-256-cbc for 3s on 16 size blocks: 54623793 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 14308715 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 256 size blocks: 3618613 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 1024 size blocks: 906721 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 113508 aes-256-cbc's in 3.01s
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Aug 26 08:47:16 EDT 2013
options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall -O2 -pipe -fno-strict-aliasing -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     291326.90k   305252.59k   308788.31k   309494.10k   309147.44k

After loading into kernel:

/usr/local/bin/openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 2015840 aes-256-cbc's in 0.13s
Doing aes-256-cbc for 3s on 64 size blocks: 1812883 aes-256-cbc's in 0.20s
Doing aes-256-cbc for 3s on 256 size blocks: 1277825 aes-256-cbc's in 0.10s
Doing aes-256-cbc for 3s on 1024 size blocks: 595015 aes-256-cbc's in 0.04s
Doing aes-256-cbc for 3s on 8192 size blocks: 86289 aes-256-cbc's in 0.06s
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Aug 26 08:47:16 EDT 2013
options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall -O2 -pipe -fno-strict-aliasing -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     242849.43k   571197.60k  3220905.35k 15597961.22k 11310071.81k

/usr/local/bin/openssl speed -evp aes-256-cbc -engine cryptodev
engine "cryptodev" set.
Doing aes-256-cbc for 3s on 16 size blocks: 2015797 aes-256-cbc's in 0.15s
Doing aes-256-cbc for 3s on 64 size blocks: 1820642 aes-256-cbc's in 0.20s
Doing aes-256-cbc for 3s on 256 size blocks: 1277035 aes-256-cbc's in 0.14s
Doing aes-256-cbc for 3s on 1024 size blocks: 596064 aes-256-cbc's in 0.06s
Doing aes-256-cbc for 3s on 8192 size blocks: 86177 aes-256-cbc's in 0.05s
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Aug 26 08:47:16 EDT 2013
options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall -O2 -pipe -fno-strict-aliasing -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     217281.70k   596587.97k  2324771.27k  9765912.58k 12909019.14k
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
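
An added check, not part of the original post: `openssl speed` runs each test for the stated wall-clock interval ("for 3s") but, unless `-elapsed` is given, divides by the user CPU time shown as "in N.NNs", so time spent in the kernel is not counted. The Python below (its function and variable names are this example's own) re-derives throughput over the full interval for four lines copied from the output above and flags runs where the process was on the CPU for only a fraction of it.

```python
import re

# Matches e.g.
# "Doing aes-256-cbc for 3s on 16 size blocks: 2015840 aes-256-cbc's in 0.13s"
LINE = re.compile(
    r"Doing (?P<alg>\S+) for (?P<budget>\d+)s on (?P<size>\d+) size blocks: "
    r"(?P<count>\d+) \S+ in (?P<cpu>[\d.]+)s"
)

def analyse(output, min_cpu_fraction=0.5):
    """Return one row per 'Doing ...' line with both throughput figures.

    reported_kBps: bytes / user-CPU seconds (what the summary table prints)
    wall_kBps:     bytes / timer interval   (what the tunnel would actually see)
    suspect:       True when user CPU time is below min_cpu_fraction of the
                   interval, i.e. most of the work was not billed to the process
    """
    rows = []
    for m in LINE.finditer(output):
        budget, size, count = int(m["budget"]), int(m["size"]), int(m["count"])
        cpu = float(m["cpu"])
        total_bytes = size * count
        rows.append({
            "size": size,
            "reported_kBps": total_bytes / cpu / 1000 if cpu else float("inf"),
            "wall_kBps": total_bytes / budget / 1000,
            "suspect": cpu < min_cpu_fraction * budget,
        })
    return rows

# Lines copied from the benchmark output in the post (16- and 8192-byte runs).
BEFORE_AESNI = """\
Doing aes-256-cbc for 3s on 16 size blocks: 54635117 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 113504 aes-256-cbc's in 3.00s
"""
AFTER_AESNI = """\
Doing aes-256-cbc for 3s on 16 size blocks: 2015840 aes-256-cbc's in 0.13s
Doing aes-256-cbc for 3s on 8192 size blocks: 86289 aes-256-cbc's in 0.06s
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE_AESNI), ("after", AFTER_AESNI)):
        for r in analyse(text):
            print(f"{label:6} {r['size']:5}B reported={r['reported_kBps']:14.2f}k "
                  f"wall={r['wall_kBps']:12.2f}k suspect={r['suspect']}")
```

Re-running the benchmark as `openssl speed -elapsed -evp aes-256-cbc` makes the tool itself divide by wall-clock time.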