On Wed, 2019-04-10 at 21:41 +0000, Phillips, Tony wrote: > Using the "Fake Server", and doing this from the OpenConnect Client: > > # netperf/bin/netperf netperf -H 172.16.0.2 -t UDP_STREAM -- -m 1024 > MIGRATED UDP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 172.16.0.2 > () port 0 AF_INET > Socket Message Elapsed Messages > Size Size Time Okay Errors Throughput > bytes bytes secs # # 10^6bits/sec > > 212992 1024 10.00 12856801 0 10532.26 > 212992 10.00 200274 164.06 > > ... About what we're getting across the MAN using the real Palo Alto.
OK. That's probably what we expected, but good to confirm. > And doing openconnect with --no-dtls caused a slowdown by about half. OK, not purely that AES-CBC + HMAC-SHA1 is slow then. Unless the server is limiting the TLS to something crappy too. > Can you give me a little more guidance on how to do a Kernel<->Kernel test on > a single VM? Not "on a single VM", between the same pair. Just run the same espsetup.sh script on the "client" end too. and esplisten.pl too of course. > I haven't done the "perf" on that yet, though.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openconnect-devel mailing list [email protected] http://lists.infradead.org/mailman/listinfo/openconnect-devel
