I'm interested in ballpark IMIX and IPERF over IPSEC throughput for these older models
8 core CPU - C2758 any results from models SG-8860, C2758 4 core CPU C2558 SG-4860, E3845 MBT-4220 C2358 SG-2440 2 core E3826 MBT-2220 C2338 SG-2220Or -
Where do these older boxes line up against the 4100 and 6100 appliances in terms IPSEC throughput?
For ipsec throughput, are there general trends / corellations with core counts vs base cpu clockspeed vs number of tunnels
acknowledging in practical terms, we're probably bottlenecked by the ISP's offnet traffic shaping
Qualitatively, how does Wireguard throughput compare against IPSec without QAT acceleratoin on CE ?
I'll assume past C3558 based appliances, perform roughly about the same as the 6100, assuming 1 gbit interfaces.
I got side tracked with IPERF3 - the top google result points to an out of date windows binaries from 2016.
Future readers looking for an IPERF3 Windows client, should visit the IPERF3 author/developers at https://software.es.net/iperf/ for a link to current binaries.
Here's a data point from a pair of SG-2220 's
2 core atom C2338, no QAT
Running Plus ( 23.01 )
Through NAT , minimal firewall rules, 500 to 600 mbit throughput ( Iperf3 , and netflix's fast.com )
IPERF3 over IPSEC
IPERF3 3.13, Windows clients on interface ETH1, and IPSEC ( async crypto on, AES-128-GCM VTI ) on ETH0
I get between 275 and 350 mbit, depending on IPERF3 options, number of streams (-p) , uni vs bi directional etc.
Packet capture of the IPSEC interface showed a 1360 byte TCP payload, in agreement with a 1400 byte MTU
A back of the envelope calc yields about 33k packets per second.
I couldn't get the windows binarier of IPERF3 to generate smaller frames. The MSS option may not be implemented on the windows version.
(With AES disabled / misconfigured as QAT under system, advanced, misc, throughput was about 110 mbit. )
