Created attachment 611903 [details] sysprof saved profiles for 3des-sha1 and aes256 Description of problem: 3des-sha1-96 encrypting privide 5 times less productivity as ase256. Version-Release number of selected component (if applicable): 3.4.9-2.fc16.i686.PAE How reproducible: 100% Steps to Reproduce: 1. install and setup openswan 2. prepare 3des-sha1-96 configuration for 2 hosts 3. prepare ase256-sha configuration for the same 2 hosts 4. connect 2 hosts by 1G ethernet 5. test network productivity by iperf (no_vpn/ 3des / aes256) Actual results: ============================= ==> no VPN ( clean ethernet) ============================= [root@ua-dudn00000 ~]# iperf -s -p 65000 ------------------------------------------------------------ Server listening on TCP port 65000 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ [ 4] local 10.x.x.104 port 65000 connected with 10.x.x.100 port 39617 [ ID] Interval Transfer Bandwidth [ 4] 0.0-100.0 sec 7.15 GBytes 614 Mbits/sec [ 5] local 10.x.x.104 port 65000 connected with 10.x.x.100 port 39618 [ 5] 0.0-100.1 sec 7.14 GBytes 613 Mbits/sec =============== == > 3des-sha1 =============== [root@homedesk ipsec.d]# iperf -c 10.x.x.104 -p 65000 -t 100 ------------------------------------------------------------ Client connecting to 10.x.x.104, TCP port 65000 TCP window size: 21.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.x.x.100 port 39620 connected with 10.x.x.104 port 65000 [ ID] Interval Transfer Bandwidth [ 3] 0.0-100.1 sec 636 MBytes 53.4 Mbits/sec ================ ==> aes256-sha1 ================ [root@homedesk ipsec.d]# iperf -c 10.x.x.104 -p 65000 -t 100 ------------------------------------------------------------ Client connecting to 10.x.x.104, TCP port 65000 TCP window size: 21.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.x.x.100 port 39621 connected with 10.x.x.104 port 65000 [ ID] Interval Transfer Bandwidth [ 3] 0.0-100.0 sec 2.90 GBytes 249 Mbits/sec Expected results: 3des have to be not so much slowest as aes256. Additional info: PC for test : -------------- 1. CPU: E6850 @3.00GHz 2. RAM: 6Go
This is not going to be fixed in F16, at least not directly. It's not even clear from the report that it is an actual bug or a regression. Differing crypto algorithm implementations are going to have various performance impacts. If you feel 3des is too slow, perhaps you could work with the upstream crypto maintainers to improve it.