From owner-freebsd-questions  Tue Sep  3 20:36:46 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 15E4837B405
	for <freebsd-questions@freebsd.org>; Tue,  3 Sep 2002 20:36:43 -0700 (PDT)
Received: from smtp2.sentex.ca (smtp2.sentex.ca [199.212.134.9])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8D49643E65
	for <freebsd-questions@freebsd.org>; Tue,  3 Sep 2002 20:36:42 -0700 (PDT)
	(envelope-from mike@sentex.net)
Received: from house (cage.simianscience.com [64.7.134.1])
	by smtp2.sentex.ca (8.12.5/8.12.5) with SMTP id g843aeeN076985;
	Tue, 3 Sep 2002 23:36:41 -0400 (EDT)
	(envelope-from mike@sentex.net)
From: Mike Tancsa <mike@sentex.net>
To: Christopher Smith <csmith@its.uq.edu.au>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPSec performance
Date: Tue, 03 Sep 2002 23:36:44 -0400
Message-ID: <lrvanuoijr7tol6p496vmli6idpq0imf3f@4ax.com>
References: <20020902074849.GA43188@xor.obsecurity.org> <mailman.1031001965.17764.fquestions-l@lists.sentex.ca>
In-Reply-To: <mailman.1031001965.17764.fquestions-l@lists.sentex.ca>
X-Mailer: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Mon, 02 Sep 2002 21:31:27 +1000, in sentex.lists.freebsd.questions you
wrote:

>On 2/9/02 5:48 PM, "Kris Kennaway" <kris@obsecurity.org> wrote:
>
>> On Mon, Sep 02, 2002 at 01:26:25PM +1000, Christopher Smith wrote:
>>> I've been doing some experiments with IPSec between some FreeBSD =
hosts and
>>> have been quite disappointed by performance.  I've followed the howto=
 at
>>> Daemon News and experimented with a few different algorithms but I =
can't
>>> seem to get more than about 5MB/sec over the wire.  Both machines are=
 Dell
>>> 1650s connected via a crossover cable on their GB ethernet ports.
>>> Non-encrypted speed is around the 30MB/sec mark.
>>=20
>> Encryption is by definition very CPU-intensive.
>
>I'm aware of that.  However, I would have thought a pair of 1.13GHz P3s
>would be capable of shuffling more than 5MB/sec over the wire.

When you are doing your tests, is the CPU maxed out ?  What is the load
average at that point ? Also, is that really 5MB/s (aka 40Mb/s) or did =
you
mean five megabits / second ?

	---Mike
Mike Tancsa  (mdtancsa@sentex.net)	=09
Sentex Communications Corp,   	=09
Waterloo, Ontario, Canada
"Given enough time, 100 monkeys on 100 routers=20
could setup a national IP network." (KDW2)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message