Bug 856336 - 3des ipsec performance regression
3des ipsec performance regression
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
16
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Kernel Maintainer List
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-11 15:50 EDT by Sergei LITVINENKO
Modified: 2012-09-11 17:25 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-09-11 17:25:50 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
sysprof saved profiles for 3des-sha1 and aes256 (445.59 KB, application/zip)
2012-09-11 15:50 EDT, Sergei LITVINENKO
no flags Details

  None (edit)
Description Sergei LITVINENKO 2012-09-11 15:50:54 EDT
Created attachment 611903 [details]
sysprof saved profiles for 3des-sha1 and aes256

Description of problem:
3des-sha1-96 encrypting privide 5 times less productivity as ase256.

Version-Release number of selected component (if applicable):
3.4.9-2.fc16.i686.PAE

How reproducible:
100%

Steps to Reproduce:
1. install and setup openswan
2. prepare 3des-sha1-96 configuration for 2 hosts
3. prepare ase256-sha configuration for the same 2 hosts 
4. connect 2 hosts by 1G ethernet
5. test network productivity by iperf (no_vpn/ 3des / aes256)
  
Actual results:
=============================
==> no VPN ( clean ethernet)
=============================
[root@ua-dudn00000 ~]# iperf -s -p 65000
------------------------------------------------------------
Server listening on TCP port 65000
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[  4] local 10.x.x.104 port 65000 connected with 10.x.x.100 port 39617
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-100.0 sec  7.15 GBytes   614 Mbits/sec
[  5] local 10.x.x.104 port 65000 connected with 10.x.x.100 port 39618
[  5]  0.0-100.1 sec  7.14 GBytes   613 Mbits/sec

===============
== > 3des-sha1
===============
[root@homedesk ipsec.d]# iperf -c 10.x.x.104 -p 65000 -t 100
------------------------------------------------------------
Client connecting to 10.x.x.104, TCP port 65000
TCP window size: 21.0 KByte (default)
------------------------------------------------------------
[  3] local 10.x.x.100 port 39620 connected with 10.x.x.104 port 65000
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-100.1 sec   636 MBytes  53.4 Mbits/sec

================
==> aes256-sha1
================
[root@homedesk ipsec.d]# iperf -c 10.x.x.104 -p 65000 -t 100
------------------------------------------------------------
Client connecting to 10.x.x.104, TCP port 65000
TCP window size: 21.0 KByte (default)
------------------------------------------------------------
[  3] local 10.x.x.100 port 39621 connected with 10.x.x.104 port 65000
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-100.0 sec  2.90 GBytes   249 Mbits/sec

Expected results:

3des have to be not so much slowest as aes256.

Additional info:

PC for test : 
--------------
1. CPU: E6850  @3.00GHz
2. RAM: 6Go
Comment 1 Josh Boyer 2012-09-11 17:25:50 EDT
This is not going to be fixed in F16, at least not directly.  It's not even clear from the report that it is an actual bug or a regression.

Differing crypto algorithm implementations are going to have various performance impacts.  If you feel 3des is too slow, perhaps you could work with the upstream crypto maintainers to improve it.

Note You need to log in before you can comment on or make changes to this bug.