Openssl speed tests results
-
Hi guys
I have a Supermicro C2758 mini ITX board running pfsense 2.3.2. I was curious about its openssl performance and ran some tests. I have also tried to run the Synology DSM 6.0.2 on it as well (xpenology). Here are the results:
The commands I used are (in order):
without cryptochip: openssl speed aes-256-cbc
with cryptochip: openssl speed -elapsed -evp aes-256-cbc
without cryptochip: env OPENSSL_ia32cap=0 openssl speed -elapsed -evp aes-256-gcm
with cryptochip: openssl speed -elapsed -evp aes-256-gcm

pfsense
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256 cbc     30009.29k    32872.73k    34107.56k    88327.51k    89552.21k
aes-256-cbc      5093.88k    19207.19k    64474.37k   153268.57k   250006.19k
aes-256-gcm     23096.27k    26460.12k    27718.91k    28018.75k    28161.37k
aes-256-gcm    110406.57k   187576.15k   236987.26k   256166.23k   260928.85k

DSM6
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256 cbc     28385.84k    30940.80k    31830.75k    88723.11k    89967.27k
aes-256-cbc    167312.87k   239838.31k   281869.82k   294749.18k   298554.71k
aes-256-gcm     22487.40k    25803.63k    26825.13k    27110.40k    27235.67k
aes-256-gcm    107303.03k   203501.85k   271777.62k   299456.51k   307303.77k

The DSM has a better performance. DSM uses a different version of openssl. Is this what makes the performance difference? Here is detail of the DSM output:
OpenSSL 1.0.2h-fips 3 May 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: /usr/local/x86_64-pc-linux-gnu/bin/x86_64-pc-linux-gnu-ccache-gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DSYNOPLAT_F_X86_64 -DSYNO_BROMOLOW -DSYNO_SAS -O2 -DBUILD_ARCH=64 -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DSYNO_PLATFORM=BROMOLOW -DSYNO_RUNNING_DSM_BUILD_SYSTEM -g -pipe -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -O2 -Wno-unused-result -Wl,-z,relro -Wl,--as-needed -Wl,--no-undefined -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -I/usr/local/x86_64-pc-linux-gnu/x86_64-pc-linux-gnu/sys-root/usr//include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -
Maybe even because Synology/DSM is running Linux not BSD?
-
tigs, can you add the results of:
openssl speed -evp aes-256-cbc
-
tigs, can you add the results of:
openssl speed -evp aes-256-cbc
What do these results mean in real life? Does this mean a Linux based firewall will perform better? Is the lower performance with pfsense due to limitation of FreeBSD or optimization of FreeBSD/pfsense? Can this be improved or optimized?
I have also tested this board with ipfire, which is also Linux based with a newer openssl; its performance is exactly the same as Synology DSM, better than pfsense.
Thanks.
I was told that the specific test you mentioned does not make much sense. I have already reverted to pfsense, and therefore I can only test pfsense later.
The above answer was meant to ask the person above your post. I am on a cell phone, inaccurate.
[2.3.2-RELEASE][admin@pfSense.localdomain]/root: openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 934150 aes-256-cbc's in 0.31s
Doing aes-256-cbc for 3s on 64 size blocks: 917102 aes-256-cbc's in 0.29s
Doing aes-256-cbc for 3s on 256 size blocks: 760390 aes-256-cbc's in 0.32s
Doing aes-256-cbc for 3s on 1024 size blocks: 451081 aes-256-cbc's in 0.18s
Doing aes-256-cbc for 3s on 8192 size blocks: 92679 aes-256-cbc's in 0.05s
OpenSSL 1.0.1s-freebsd 1 Mar 2016
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     47828.48k    203051.34k   607718.52k  2570612.56k  13882996.44k
-
What do these results mean in real life?
Nothing because you need -elapsed on there for it to tell you anything meaningful in a real-world context.
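The effect of leaving out -elapsed can be read straight off the "Doing ..." lines posted above. The following is an added example, not part of any post in this thread: without -elapsed, openssl speed divides by user CPU time, so the script recomputes throughput over the run length instead, assuming each run really lasted its nominal 3 seconds of wall-clock time.

```python
import re

# "Doing ..." lines copied from the pfSense output posted in this thread
# (openssl speed -evp aes-256-cbc, run without -elapsed).
SAMPLE = """\
Doing aes-256-cbc for 3s on 16 size blocks: 934150 aes-256-cbc's in 0.31s
Doing aes-256-cbc for 3s on 64 size blocks: 917102 aes-256-cbc's in 0.29s
Doing aes-256-cbc for 3s on 256 size blocks: 760390 aes-256-cbc's in 0.32s
Doing aes-256-cbc for 3s on 1024 size blocks: 451081 aes-256-cbc's in 0.18s
Doing aes-256-cbc for 3s on 8192 size blocks: 92679 aes-256-cbc's in 0.05s
"""

LINE = re.compile(
    r"Doing (?P<alg>\S+) for (?P<wall>\d+)s on (?P<size>\d+) size blocks: "
    r"(?P<count>\d+) \S+ in (?P<timed>[\d.]+)s"
)

def analyse(text):
    """Return per-block-size throughput by reported time and by run length."""
    rows = []
    for m in LINE.finditer(text):
        wall = float(m["wall"])    # nominal run length (assumed wall-clock)
        timed = float(m["timed"])  # time openssl divided by (user CPU here)
        total_bytes = int(m["size"]) * int(m["count"])
        rows.append({
            "size": int(m["size"]),
            "reported_kBps": total_bytes / timed / 1000,
            "wall_kBps": total_bytes / wall / 1000,
            "cpu_fraction": timed / wall,
        })
    return rows

def suspicious(rows, threshold=0.5):
    """Block sizes where the timed interval is far shorter than the run,
    i.e. most of the work was not charged to the process's user time."""
    return [r["size"] for r in rows if r["cpu_fraction"] < threshold]

if __name__ == "__main__":
    for r in analyse(SAMPLE):
        print(f"{r['size']:>5} B  reported {r['reported_kBps']:>14.2f}k  "
              f"wall-clock {r['wall_kBps']:>10.2f}k  "
              f"cpu/wall {r['cpu_fraction']:.2f}")
    print("flagged sizes:", suspicious(analyse(SAMPLE)))
```

The wall-clock figures (about 4982k at 16 bytes and 253075k at 8192 bytes) land close to the -elapsed aes-256-cbc row for pfsense in the first post, while the reported figures are inflated by the small divisor.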