600Mbps seems about right, I tested a pair of E5649-based boxes to
550Mbps last year (with aes-128-gcm):

http://marc.info/?l=openbsd-misc&m=134033767126930

You'll probably get slightly more than 600 with with multiple TCP
streams. 

Assuming PF was enabled for your test (the default configuration), the
performance should be about the same with a proper ruleset. Traffic for
existing states won't hit the ruleset at all.


On Fri, Sep 28, 2012 at 06:39:14PM -0400, Jim Miller wrote:
> Yes.  Let me double check everything again on Monday.  Keep in mind that
> all devices had 1Gb ethernet interfaces and everything was directly
> cabled.  No pf rules either.  w/o ipsec I could get 900mbps through the
> openbsd boxes.
> 
> Now you've got me thinking I need to recheck everything.
> 
> -Jim
> 
> On 9/28/12 5:19 PM, Hrvoje Popovski wrote:
> > Hi,
> >
> > On 28.9.2012 22:09, Jim Miller wrote:
> >> So using another Mac w/ 1Gb ethernet adapter to a Linux box w/ 1Gb eth I
> >> was able to achieve approx. 600Mbps performance through the test setup
> >> (via iperf and my dd method).  
> >>
> > 600Mbps via ipsec between two Intel E31220 ?

Reply via email to