Not understanding openssl speed testing

newbieuser1234

Here's what I get with a 1ghz, 1gb of ram system.

$ openssl speed -evp aes-128-cbc
OpenSSL 0.9.8y 5 Feb 2013
built on: date not available
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: cc
available timing options: USE_TOD HZ=128 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type            16 bytes    64 bytes    256 bytes  1024 bytes  8192 bytes
aes-128-cbc      36179.26k  143009.13k  644663.29k  2845250.27k  5015768.88k

Here's what I get on a 64bit 1.8ghz atom dual core with 4gb of ram.

$ openssl speed -evp aes-128-cbc
To get the most accurate results, try to run this
program when this computer is idle.
Doing aes-128-cbc for 3s on 16 size blocks: 4196830 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 64 size blocks: 1178546 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 256 size blocks: 304592 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 1024 size blocks: 76721 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 8192 size blocks: 9623 aes-128-cbc's in 3.01s
OpenSSL 0.9.8y 5 Feb 2013
built on: date not available
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: cc
available timing options: USE_TOD HZ=128 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type            16 bytes    64 bytes    256 bytes  1024 bytes  8192 bytes
aes-128-cbc      22327.68k    25063.17k    25909.76k    26104.47k    26193.03k

Am i reading the results correctly for vpn throughput on my dual core as not even 1mbp and the 1ghz as 5mps?  How is the vpn throughput measured when an alix without the accelerator s advertised at far more than my dual core with 16 times the ram?

jimp

Try using -elapsed

e.g.

/usr/local/bin/openssl speed -evp aes-128-cbc -elapsed

Neither of those produce an accurate estimate of what your potential throughput may be. That largely depends on the packet size (anywhere from 64 to 1500 bytes) of data flowing over a VPN link.

newbieuser1234

I get the same result when using -elapsed. I guess my question is, how do commercial entities like netgate figure out the throughput over openvpn, ipsec, etc for their devices they sell?  Is there a command I can run to benchmark one device against another? Whether the number given is accurate or not, at least I could run the same command on all machines and see which one is more powerful.  Or does it basically amount to "an i7 with 16gb of ram" will do better than an atom with 4gb of ram kind of logic?

jimp

The testing done for throughput measurements is done using a live VPN and real traffic, no estimates.

newbieuser1234

What tools are used to measure it ?

jimp

iperf is what we normally use. On endpoints beyond the firewall on each side.