Bug 856336
| Summary: | 3des ipsec performance regression | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Sergei LITVINENKO <sergei.litvinenko> | ||||
| Component: | kernel | Assignee: | Kernel Maintainer List <kernel-maint> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 16 | CC: | gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2012-09-11 21:25:50 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
This is not going to be fixed in F16, at least not directly. It's not even clear from the report that it is an actual bug or a regression. Differing crypto algorithm implementations are going to have various performance impacts. If you feel 3des is too slow, perhaps you could work with the upstream crypto maintainers to improve it. |
Created attachment 611903 [details] sysprof saved profiles for 3des-sha1 and aes256 Description of problem: 3des-sha1-96 encrypting privide 5 times less productivity as ase256. Version-Release number of selected component (if applicable): 3.4.9-2.fc16.i686.PAE How reproducible: 100% Steps to Reproduce: 1. install and setup openswan 2. prepare 3des-sha1-96 configuration for 2 hosts 3. prepare ase256-sha configuration for the same 2 hosts 4. connect 2 hosts by 1G ethernet 5. test network productivity by iperf (no_vpn/ 3des / aes256) Actual results: ============================= ==> no VPN ( clean ethernet) ============================= [root@ua-dudn00000 ~]# iperf -s -p 65000 ------------------------------------------------------------ Server listening on TCP port 65000 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ [ 4] local 10.x.x.104 port 65000 connected with 10.x.x.100 port 39617 [ ID] Interval Transfer Bandwidth [ 4] 0.0-100.0 sec 7.15 GBytes 614 Mbits/sec [ 5] local 10.x.x.104 port 65000 connected with 10.x.x.100 port 39618 [ 5] 0.0-100.1 sec 7.14 GBytes 613 Mbits/sec =============== == > 3des-sha1 =============== [root@homedesk ipsec.d]# iperf -c 10.x.x.104 -p 65000 -t 100 ------------------------------------------------------------ Client connecting to 10.x.x.104, TCP port 65000 TCP window size: 21.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.x.x.100 port 39620 connected with 10.x.x.104 port 65000 [ ID] Interval Transfer Bandwidth [ 3] 0.0-100.1 sec 636 MBytes 53.4 Mbits/sec ================ ==> aes256-sha1 ================ [root@homedesk ipsec.d]# iperf -c 10.x.x.104 -p 65000 -t 100 ------------------------------------------------------------ Client connecting to 10.x.x.104, TCP port 65000 TCP window size: 21.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.x.x.100 port 39621 connected with 10.x.x.104 port 65000 [ ID] Interval Transfer Bandwidth [ 3] 0.0-100.0 sec 2.90 GBytes 249 Mbits/sec Expected results: 3des have to be not so much slowest as aes256. Additional info: PC for test : -------------- 1. CPU: E6850 @3.00GHz 2. RAM: 6Go