Not understanding openssl speed testing



  • Here's what I get with a 1ghz, 1gb of ram system.

    $ openssl speed -evp aes-128-cbc
    OpenSSL 0.9.8y 5 Feb 2013
    built on: date not available
    options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
    compiler: cc
    available timing options: USE_TOD HZ=128 [sysconf value]
    timing function used: getrusage
    The 'numbers' are in 1000s of bytes per second processed.
    type            16 bytes    64 bytes    256 bytes  1024 bytes  8192 bytes
    aes-128-cbc      36179.26k  143009.13k  644663.29k  2845250.27k  5015768.88k

    Here's what I get on a 64bit 1.8ghz atom dual core with 4gb of ram.

    $ openssl speed -evp aes-128-cbc
    To get the most accurate results, try to run this
    program when this computer is idle.
    Doing aes-128-cbc for 3s on 16 size blocks: 4196830 aes-128-cbc's in 3.01s
    Doing aes-128-cbc for 3s on 64 size blocks: 1178546 aes-128-cbc's in 3.01s
    Doing aes-128-cbc for 3s on 256 size blocks: 304592 aes-128-cbc's in 3.01s
    Doing aes-128-cbc for 3s on 1024 size blocks: 76721 aes-128-cbc's in 3.01s
    Doing aes-128-cbc for 3s on 8192 size blocks: 9623 aes-128-cbc's in 3.01s
    OpenSSL 0.9.8y 5 Feb 2013
    built on: date not available
    options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
    compiler: cc
    available timing options: USE_TOD HZ=128 [sysconf value]
    timing function used: getrusage
    The 'numbers' are in 1000s of bytes per second processed.
    type            16 bytes    64 bytes    256 bytes  1024 bytes  8192 bytes
    aes-128-cbc      22327.68k    25063.17k    25909.76k    26104.47k    26193.03k

    Am I reading the results correctly for VPN throughput on my dual core as not even 1 Mbps and the 1 GHz as 5 Mbps?  How is the VPN throughput measured when an ALIX without the accelerator is advertised at far more than my dual core with 16 times the RAM?


  • Rebel Alliance Developer Netgate

    Try using -elapsed

    e.g.

    /usr/local/bin/openssl speed -evp aes-128-cbc -elapsed
    

    Neither of those produce an accurate estimate of what your potential throughput may be. That largely depends on the packet size (anywhere from 64 to 1500 bytes) of data flowing over a VPN link.



  • I get the same result when using -elapsed. I guess my question is, how do commercial entities like netgate figure out the throughput over openvpn, ipsec, etc for their devices they sell?  Is there a command I can run to benchmark one device against another? Whether the number given is accurate or not, at least I could run the same command on all machines and see which one is more powerful.  Or does it basically amount to "an i7 with 16gb of ram" will do better than an atom with 4gb of ram kind of logic?


  • Rebel Alliance Developer Netgate

    The testing done for throughput measurements is done using a live VPN and real traffic, no estimates.



  • What tools are used to measure it?


  • Rebel Alliance Developer Netgate

    iperf is what we normally use. On endpoints beyond the firewall on each side.
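
An added example, not part of the original thread: a small Python parser for the `openssl speed` output format posted above. It converts the summary row (given in 1000s of bytes per second) to Mbit/s and recomputes each figure from the `Doing ...` lines. The sample text is the second run as posted, trimmed; the function names are hypothetical. The result is raw cipher speed per block size, which, as the replies say, is not a VPN throughput estimate.

```python
import re

# Output of the second run as posted in the thread above (trimmed to the lines parsed here).
SAMPLE = """\
Doing aes-128-cbc for 3s on 16 size blocks: 4196830 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 64 size blocks: 1178546 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 256 size blocks: 304592 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 1024 size blocks: 76721 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 8192 size blocks: 9623 aes-128-cbc's in 3.01s
The 'numbers' are in 1000s of bytes per second processed.
type            16 bytes    64 bytes    256 bytes  1024 bytes  8192 bytes
aes-128-cbc      22327.68k    25063.17k    25909.76k    26104.47k    26193.03k
"""

DOING = re.compile(r"^Doing \S+ for \d+s on (\d+) size blocks: (\d+) .* in ([\d.]+)s")


def mbit(bytes_per_second):
    """Bytes per second -> megabits per second (10^6 bits)."""
    return bytes_per_second * 8 / 1e6


def parse_speed(text):
    """Return {block_size: (reported_mbit, recomputed_mbit or None)}."""
    recomputed, sizes, reported = {}, [], {}
    for line in text.splitlines():
        line = line.strip()
        m = DOING.match(line)
        if m:
            # bytes processed = block size * number of operations in the timed run
            size, count, secs = int(m[1]), int(m[2]), float(m[3])
            recomputed[size] = mbit(size * count / secs)
        elif line.startswith("type"):
            sizes = [int(s) for s in re.findall(r"(\d+) bytes", line)]
        elif sizes and re.search(r"[\d.]+k\b", line):
            vals = re.findall(r"([\d.]+)k\b", line)
            # Each summary value is in units of 1000 bytes per second.
            reported = {s: mbit(float(v) * 1000) for s, v in zip(sizes, vals)}
    return {s: (reported[s], recomputed.get(s)) for s in sizes}


if __name__ == "__main__":
    for size, (rep, calc) in parse_speed(SAMPLE).items():
        print(f"{size:>5} B blocks: reported {rep:8.1f} Mbit/s, recomputed {calc:8.1f} Mbit/s")
```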

