Greetings, As you may be aware, the Dev team has been able to get OpenSSL cryptodev support for the Geode LX (net5501 and Alix.) in trunk.
I've done some testing using OpenVPN with BF-CBC and AES-128-CBC ciphers on a Soekris net5501 500Mhz/512MB Below are benchmarks using FTP to /tmp on AstLinux in an OpenVPN tunnel. CPU load tests were done with a 14 Mbps speed test stream, traffic in/ out to net5501 via OpenVPN tunnel, then NAT'ed out/in to the internet, configured with Arno's firewall, traffic shaper disabled. As a baseline, OpenVPN configured with no encryption yields 26 Mbits/ sec. No OpenVPN 90 Mbits/sec. AstLinux 0.6.2 - OpenVPN Throughput ======================= BF-CDC - 20 Mbits/sec - 55% CPU Load @14Mbps AES-128-CBC - 15 Mbits/sec - 63% CPU Load @14Mbps -- AstLinux trunk-2227 - OpenVPN Throughput No OpenSSL_OCF CryptDev support =========================== BF-CDC - 18 Mbits/sec - 48% CPU Load @14Mbps AES-128-CBC - 15 Mbits/sec - 58% CPU Load @14Mbps -- AstLinux trunk-2227 - OpenVPN Throughput With OpenSSL_OCF CryptDev support =========================== BF-CDC - 15 Mbits/sec - 25% CPU Load @14Mbps AES-128-CBC - 20 Mbits/sec - 25% CPU Load @14Mbps -- What I find interesting, the Geode LX only supports AES-128, but BlowFish seems to be benefitted CPU-wise but lower throughput. Also, the non-accelerated trunk has slight lower BlowFish performance than 0.6.2. In conclusion, it appears to me that using AES-128-CBC with OpenSSL_OCF CryptDev support is a no-brainer for the net5501, others concur? If anyone has any insights/opinions to these results, please comment. Lonnie ------------------------------------------------------------------------------ _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
