Not understanding openssl speed testing

newbieuser1234 · Jan 11, 2014, 5:05 PM

Here's what I get with a 1ghz, 1gb of ram system.

$ openssl speed -evp aes-128-cbc
OpenSSL 0.9.8y 5 Feb 2013
built on: date not available
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: cc
available timing options: USE_TOD HZ=128 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 36179.26k 143009.13k 644663.29k 2845250.27k 5015768.88k

Here's what I get on a 64bit 1.8ghz atom dual core with 4gb of ram.

$ openssl speed -evp aes-128-cbc
To get the most accurate results, try to run this
program when this computer is idle.
Doing aes-128-cbc for 3s on 16 size blocks: 4196830 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 64 size blocks: 1178546 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 256 size blocks: 304592 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 1024 size blocks: 76721 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 8192 size blocks: 9623 aes-128-cbc's in 3.01s
OpenSSL 0.9.8y 5 Feb 2013
built on: date not available
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: cc
available timing options: USE_TOD HZ=128 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 22327.68k 25063.17k 25909.76k 26104.47k 26193.03k

Am i reading the results correctly for vpn throughput on my dual core as not even 1mbp and the 1ghz as 5mps? How is the vpn throughput measured when an alix without the accelerator s advertised at far more than my dual core with 16 times the ram?

jimp · Jan 13, 2014, 9:19 PM

Try using -elapsed

e.g.

/usr/local/bin/openssl speed -evp aes-128-cbc -elapsed

Neither of those produce an accurate estimate of what your potential throughput may be. That largely depends on the packet size (anywhere from 64 to 1500 bytes) of data flowing over a VPN link.

newbieuser1234 · Jan 13, 2014, 10:24 PM

I get the same result when using -elapsed. I guess my question is, how do commercial entities like netgate figure out the throughput over openvpn, ipsec, etc for their devices they sell? Is there a command I can run to benchmark one device against another? Whether the number given is accurate or not, at least I could run the same command on all machines and see which one is more powerful. Or does it basically amount to "an i7 with 16gb of ram" will do better than an atom with 4gb of ram kind of logic?

jimp · Jan 14, 2014, 1:53 AM

The testing done for throughput measurements is done using a live VPN and real traffic, no estimates.

newbieuser1234 · Jan 14, 2014, 2:17 AM

What tools are used to measure it ?

jimp · Jan 23, 2014, 3:25 PM

iperf is what we normally use. On endpoints beyond the firewall on each side.