Re: SSH and gigabit NICs
Gustavo De Nardin wrote: On 07/07/05, Alex Zbyslaw [EMAIL PROTECTED] wrote: Does anyone have a clue what might be going on? Dunno, but you might take a look at /usr/ports/security/hpn-ssh/: Thanks for the tip. Will have a look as soon as I get the time to play again :-( Does anyone know if/how the none Cipher is really available? I need ssh only for authentication when transfering backups, and encryption makes a difference in transfer speed on slow machines... I'm in the same boat! If you find out about none then please let us know. If the code for a none cypher really is there, then it may be straightforward to turn it on. Then again, there may be a good reason why it *isn't* turned on. Might be worth asking on an ssh mailing list about this one... will be looking for one as soon as I get the time to play again :-( (Damn, I hates work; sigh). --Alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH and gigabit NICs
Gustavo De Nardin wrote: On 07/07/05, Alex Zbyslaw [EMAIL PROTECTED] wrote: Does anyone have a clue what might be going on? Dunno, but you might take a look at /usr/ports/security/hpn-ssh/: WWW: http://www.psc.edu/networking/projects/hpn-ssh/ Actually, this also seems to add support for a none cipher. See the bottom of the page at the URL above. --Alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH and gigabit NICs
Deyan Dyankov wrote: I'm not sure that this is the problem, but ..keep in mind, that ssh encrypts the data and ftp doesn't. The delay might be actually the time for encryption, right? Yes, this is a possibility, and I'll revisit it tonight. I thought I'd looked at the CPU usage during transfer, but I should do so again. It still seems strange to me that SSH got slower over Gigabit. It it had just not gotten faster, then the encryption would be the obvious culprit, but to get slower... Unfortunately there seems to be no way to turn off the encryption for SSH, which would be the easiest test. Thanks for the suggestion, --Alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH and gigabit NICs
On 08/07/05, Alex Zbyslaw [EMAIL PROTECTED] wrote: Unfortunately there seems to be no way to turn off the encryption for SSH, which would be the easiest test. Well, looking at /usr/src/crypto/openssh/cipher.c, there is a none in struct Cipher. But specifying 'none' in Ciphers in sshd_config, I get Bad SSH2 cipher spec 'none'. trying to start sshd. Does anyone know if/how the none Cipher is really available? I need ssh only for authentication when transfering backups, and encryption makes a difference in transfer speed on slow machines... -- (nil) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH and gigabit NICs
On 07/07/05, Alex Zbyslaw [EMAIL PROTECTED] wrote: Does anyone have a clue what might be going on? Dunno, but you might take a look at /usr/ports/security/hpn-ssh/: --- pkg-descr --- High Performance Enabled SSH/SCP from the Pittsburgh Supercomputing Center hpn-ssh is a version of OpenSSH modified to support high-performance bulk transfers (such as with scp or rsync). These modifications are required because: SCP and the underlying SSH protocol is network performance limited by statically defined internal flow control buffers. These buffers often end up acting as a brake on the network throughput of SCP especially on long and wide paths. Modifying the ssh code to allow the flow control buffers to be defined at run time eliminates this bottleneck. WWW: http://www.psc.edu/networking/projects/hpn-ssh/ -- (nil) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SSH and gigabit NICs
The setup: Both machines FreeBSD/i386 5.4 a) AMD64 machine with on-board Marvel Gigabit NIC b) Athlon XP with cheap SMC Gigabit NIC (also Marvel) Cabling is brand new Cat5e. Have tried various different cables of different lengths to no effect. To rule out problems with a cheap switch, I have just wired the NICs together. To benchmark, I had a huge bz2 file (430Mb) which I copied with scp and ftp from machine a to machine b. On cheap NetGear 100Mb cards, the transfers both took ~40 seconds which is ~80Mbit. On the new Gigabit hardware, ftp drops to 17 seconds, but scp takes longer! Out of the box (no tweaking of any relevant parameters) it now takes over 53 seconds. After tweaking tons of stuff, I can make scp take maybe 43 seconds, but at those settings, ftp takes well over a minute! What is going on? I know that 17 seconds for the ftp is hardly stellar (200+Mbit or so) but for £50 I could live with that. But for ssh to get slower just boggles. These days, almost anything you do over a network ends up using ssh -- specifically I was hoping to make rsyncs faster -- but for them to get slower? I've seen odd ssh network behaviour on other boxen. A couple old Linux servers were 2-3 times slower for ssh than ftp, but I put it down to oldness and Linux and general weirdness. They were on a 100Mbit network. When I monitor with systat -ifstat I can see ftp keeping up a reasonably regular transfer rate, but when I watch the ssh, it yoyos up and down wildly, but still never gets above about 80Mbit. Both machines have plenty of idle CPU and the ssh is not compressed. Does anyone have a clue what might be going on? So far I have tried: HZ=1000 on both machines. No effect. various net.inet.tcp.recvspace and net.inet.tcp.recvspace values on both machines. About 4096 (down from the default of 32768) makes ssh work best, but stuffs ftp. 65536 improves ftp a bit but ssh goes up to 53 seconds (~64Mbit). MTU values of 5-9000. ~6000 the scp seems to start a bit faster (maybe 100Mbit) but soon drops back into the 60s. Before anyone asks, the driver doesn't seem to support polling. --Alex, baffled and really quite annoyed. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]