Re: [Swan] Libreswan Performance tests

2015-01-12 Thread Muenz, Michael
Am 12.01.2015 um 10:46 schrieb Muenz, Michael: Am 09.01.2015 um 17:28 schrieb Paul Wouters: So using phase2alg=aes_gcm128-null will be interesting. It might get you a little closer to 1Gbps provided you are CPU bound. If it remains at 902 Mbit/s your CPU is not your limiting factor. Here are

Re: [Swan] Libreswan Performance tests

2015-01-12 Thread Muenz, Michael
Am 09.01.2015 um 17:28 schrieb Paul Wouters: So using phase2alg=aes_gcm128-null will be interesting. It might get you a little closer to 1Gbps provided you are CPU bound. If it remains at 902 Mbit/s your CPU is not your limiting factor. Here are my results with 9000 (1GBit IF) AES128GCM-NULL:

Re: [Swan] Libreswan Performance tests

2015-01-09 Thread Paul Wouters
On Fri, 9 Jan 2015, Muenz, Michael wrote: So in this test it was: ike=aes256-sha1;modp2048 phase2alg=aes256-sha1;modp2048 This is the output with NETKEY (huge gain with tcp / window 512): TCP tests [ 3] 0.0-10.0 sec 1.05 GBytes 902 Mbits/sec This system is only AES-N

Re: [Swan] Libreswan Performance tests

2015-01-09 Thread Muenz, Michael
Am 09.01.2015 um 14:21 schrieb Michael Schwartzkopff: Am Freitag, 9. Januar 2015, 14:08:03 schrieb Muenz, Michael: Hey, for a small project I have 2 Nexcom NSA3150 appliances here and did some performance testing. Thought you would be interested in too. The setup is 2 boxes with a L3 Cataylst

Re: [Swan] Libreswan Performance tests

2015-01-09 Thread Muenz, Michael
Am 09.01.2015 um 14:55 schrieb Paul Wouters: I'd be interested in the esp= algos listed on the above libreswan page. Note that some of those algorithms are not available for KLIPS. So in this test it was: ike=aes256-sha1;modp2048 phase2alg=aes256-sha1;modp2048 I'll play around

Re: [Swan] Libreswan Performance tests

2015-01-09 Thread Paul Wouters
On Fri, 9 Jan 2015, Muenz, Michael wrote: for a small project I have 2 Nexcom NSA3150 appliances here and did some performance testing. Thought you would be interested in too. The setup is 2 boxes with a L3 Cataylst between doing the routing. Behind the Firewalls 2 PC's. On every system Debia

Re: [Swan] Libreswan Performance tests

2015-01-09 Thread Michael Schwartzkopff
Am Freitag, 9. Januar 2015, 14:08:03 schrieb Muenz, Michael: > Hey, > > for a small project I have 2 Nexcom NSA3150 appliances here and did some > performance testing. > Thought you would be interested in too. > > The setup is 2 boxes with a L3 Cataylst between doing the routing. > Behind the Fir

[Swan] Libreswan Performance tests

2015-01-09 Thread Muenz, Michael
Hey, for a small project I have 2 Nexcom NSA3150 appliances here and did some performance testing. Thought you would be interested in too. The setup is 2 boxes with a L3 Cataylst between doing the routing. Behind the Firewalls 2 PC's. On every system Debian 8 is installed. Libreswan 3.12 is