856336 – 3des ipsec performance regression

Bug 856336 - 3des ipsec performance regression

Summary: 3des ipsec performance regression

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	16
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Kernel Maintainer List
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-09-11 19:50 UTC by Sergei LITVINENKO
Modified:	2012-09-11 21:25 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-09-11 21:25:50 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
sysprof saved profiles for 3des-sha1 and aes256 (445.59 KB, application/zip) 2012-09-11 19:50 UTC, Sergei LITVINENKO	no flags	Details
View All

Description Sergei LITVINENKO 2012-09-11 19:50:54 UTC

Created attachment 611903 [details]
sysprof saved profiles for 3des-sha1 and aes256

Description of problem:
3des-sha1-96 encrypting privide 5 times less productivity as ase256.

Version-Release number of selected component (if applicable):
3.4.9-2.fc16.i686.PAE

How reproducible:
100%

Steps to Reproduce:
1. install and setup openswan
2. prepare 3des-sha1-96 configuration for 2 hosts
3. prepare ase256-sha configuration for the same 2 hosts 
4. connect 2 hosts by 1G ethernet
5. test network productivity by iperf (no_vpn/ 3des / aes256)
  
Actual results:
=============================
==> no VPN ( clean ethernet)
=============================
[root@ua-dudn00000 ~]# iperf -s -p 65000
------------------------------------------------------------
Server listening on TCP port 65000
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[  4] local 10.x.x.104 port 65000 connected with 10.x.x.100 port 39617
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-100.0 sec  7.15 GBytes   614 Mbits/sec
[  5] local 10.x.x.104 port 65000 connected with 10.x.x.100 port 39618
[  5]  0.0-100.1 sec  7.14 GBytes   613 Mbits/sec

===============
== > 3des-sha1
===============
[root@homedesk ipsec.d]# iperf -c 10.x.x.104 -p 65000 -t 100
------------------------------------------------------------
Client connecting to 10.x.x.104, TCP port 65000
TCP window size: 21.0 KByte (default)
------------------------------------------------------------
[  3] local 10.x.x.100 port 39620 connected with 10.x.x.104 port 65000
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-100.1 sec   636 MBytes  53.4 Mbits/sec

================
==> aes256-sha1
================
[root@homedesk ipsec.d]# iperf -c 10.x.x.104 -p 65000 -t 100
------------------------------------------------------------
Client connecting to 10.x.x.104, TCP port 65000
TCP window size: 21.0 KByte (default)
------------------------------------------------------------
[  3] local 10.x.x.100 port 39621 connected with 10.x.x.104 port 65000
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-100.0 sec  2.90 GBytes   249 Mbits/sec

Expected results:

3des have to be not so much slowest as aes256.

Additional info:

PC for test : 
--------------
1. CPU: E6850  @3.00GHz
2. RAM: 6Go

Comment 1 Josh Boyer 2012-09-11 21:25:50 UTC

This is not going to be fixed in F16, at least not directly.  It's not even clear from the report that it is an actual bug or a regression.

Differing crypto algorithm implementations are going to have various performance impacts.  If you feel 3des is too slow, perhaps you could work with the upstream crypto maintainers to improve it.

Note You need to log in before you can comment on or make changes to this bug.