926Mbps over AES-GCM tunnel (real world link)


  • Netgate

    172.21.0.106 (8860)  FreeBSD -CURRENT

    [switched LAN]

    172.21.0.1 pfSense 2.3 (4860)
    (Not going to give you the real-world IP address)

    [Real World 1Gbps path with AES-GCM-128 IPSec running]

    172.27.12.17 pfSense 2.2.5 (C2758)
    (Not going to give you the real-world IP address)

    [switched LAN]

    172.27.12.18 (C2758) FreeBSD -CURRENT

    jim@home-8860:~ % iperf3 -c 172.27.12.18 -P 4 -u -b 250M
    Connecting to host 172.27.12.18, port 5201
    [  4] local 172.21.0.106 port 10311 connected to 172.27.12.18 port 5201
    [  6] local 172.21.0.106 port 41141 connected to 172.27.12.18 port 5201
    [  8] local 172.21.0.106 port 16997 connected to 172.27.12.18 port 5201
    [ 10] local 172.21.0.106 port 23233 connected to 172.27.12.18 port 5201
    [ ID] Interval          Transfer    Bandwidth      Total Datagrams
    [  4]  0.00-1.00  sec  27.8 MBytes  233 Mbits/sec  37767 
    [  6]  0.00-1.00  sec  27.5 MBytes  231 Mbits/sec  3561 
    [  8]  0.00-1.00  sec  26.8 MBytes  225 Mbits/sec  3521 
    [ 10]  0.00-1.00  sec  23.5 MBytes  197 Mbits/sec  3429 
    [SUM]  0.00-1.00  sec  106 MBytes  886 Mbits/sec  48278


    [  4]  1.00-2.00  sec  28.8 MBytes  242 Mbits/sec  48160 
    [  6]  1.00-2.00  sec  29.2 MBytes  245 Mbits/sec  3744 
    [  8]  1.00-2.00  sec  28.7 MBytes  241 Mbits/sec  4173 
    [ 10]  1.00-2.00  sec  24.4 MBytes  205 Mbits/sec  3673 
    [SUM]  1.00-2.00  sec  111 MBytes  932 Mbits/sec  59750


    [  4]  2.00-3.00  sec  29.3 MBytes  245 Mbits/sec  48430 
    [  6]  2.00-3.00  sec  29.2 MBytes  245 Mbits/sec  3745 
    [  8]  2.00-3.00  sec  28.9 MBytes  242 Mbits/sec  3737 
    [ 10]  2.00-3.00  sec  23.6 MBytes  198 Mbits/sec  3698 
    [SUM]  2.00-3.00  sec  111 MBytes  931 Mbits/sec  59610


    [  4]  3.00-4.00  sec  29.2 MBytes  245 Mbits/sec  48500 
    [  6]  3.00-4.00  sec  29.2 MBytes  245 Mbits/sec  3739 
    [  8]  3.00-4.00  sec  28.9 MBytes  243 Mbits/sec  3737 
    [ 10]  3.00-4.00  sec  23.6 MBytes  198 Mbits/sec  3704 
    [SUM]  3.00-4.00  sec  111 MBytes  931 Mbits/sec  59680


    [  4]  4.00-5.00  sec  29.2 MBytes  245 Mbits/sec  48415 
    [  6]  4.00-5.00  sec  29.2 MBytes  245 Mbits/sec  3740 
    [  8]  4.00-5.00  sec  28.9 MBytes  242 Mbits/sec  3738 
    [ 10]  4.00-5.00  sec  23.5 MBytes  197 Mbits/sec  3695 
    [SUM]  4.00-5.00  sec  111 MBytes  929 Mbits/sec  59588


    [  4]  5.00-6.00  sec  29.7 MBytes  249 Mbits/sec  48324 
    [  6]  5.00-6.00  sec  29.7 MBytes  249 Mbits/sec  3802 
    [  8]  5.00-6.00  sec  29.5 MBytes  247 Mbits/sec  3802 
    [ 10]  5.00-6.00  sec  24.1 MBytes  203 Mbits/sec  3771 
    [SUM]  5.00-6.00  sec  113 MBytes  948 Mbits/sec  59699


    [  4]  6.00-7.00  sec  28.7 MBytes  241 Mbits/sec  48796 
    [  6]  6.00-7.00  sec  28.7 MBytes  241 Mbits/sec  3675 
    [  8]  6.00-7.00  sec  28.4 MBytes  238 Mbits/sec  3674 
    [ 10]  6.00-7.00  sec  23.0 MBytes  193 Mbits/sec  3635 
    [SUM]  6.00-7.00  sec  109 MBytes  913 Mbits/sec  59780


    [  4]  7.00-8.00  sec  29.2 MBytes  245 Mbits/sec  48446 
    [  6]  7.00-8.00  sec  29.2 MBytes  245 Mbits/sec  3743 
    [  8]  7.00-8.00  sec  28.7 MBytes  241 Mbits/sec  3742 
    [ 10]  7.00-8.00  sec  23.5 MBytes  198 Mbits/sec  3678 
    [SUM]  7.00-8.00  sec  111 MBytes  929 Mbits/sec  59609


    [  4]  8.00-9.00  sec  29.2 MBytes  245 Mbits/sec  48439 
    [  6]  8.00-9.00  sec  29.2 MBytes  245 Mbits/sec  3742 
    [  8]  8.00-9.00  sec  28.9 MBytes  242 Mbits/sec  3733 
    [ 10]  8.00-9.00  sec  23.5 MBytes  197 Mbits/sec  3699 
    [SUM]  8.00-9.00  sec  111 MBytes  930 Mbits/sec  59613


    [  4]  9.00-10.00  sec  29.2 MBytes  245 Mbits/sec  48411 
    [  6]  9.00-10.00  sec  29.2 MBytes  245 Mbits/sec  3743 
    [  8]  9.00-10.00  sec  29.1 MBytes  244 Mbits/sec  3741 
    [ 10]  9.00-10.00  sec  23.4 MBytes  196 Mbits/sec  3719 
    [SUM]  9.00-10.00  sec  111 MBytes  930 Mbits/sec  59614


    [ ID] Interval          Transfer    Bandwidth      Jitter    Lost/Total Datagrams
    [  4]  0.00-10.00  sec  290 MBytes  244 Mbits/sec  0.332 ms  444978/470526 (95%) 
    [  4] Sent 470526 datagrams
    [  6]  0.00-10.00  sec  290 MBytes  244 Mbits/sec  0.320 ms  11530/36990 (31%) 
    [  6] Sent 36990 datagrams
    [  8]  0.00-10.00  sec  287 MBytes  241 Mbits/sec  0.341 ms  12182/37354 (33%) 
    [  8] Sent 37354 datagrams
    [ 10]  0.00-10.00  sec  236 MBytes  198 Mbits/sec  0.265 ms  15637/36457 (43%) 
    [ 10] Sent 36457 datagrams
    [SUM]  0.00-10.00  sec  1.08 GBytes  926 Mbits/sec  0.315 ms  484327/581327 (83%)

    iperf Done.
    jim@home-8860:~ %

    And there is still room for improvement.



  • Looking good  ;)

    I'm having some issues with fragmentation when using IPSec on pfSense. Would you be able to have a look at my topic and see if you are experiencing the same issues? Is your PMTU working properly?

    https://forum.pfsense.org/index.php?topic=99995.0

    Thanks.


  • Netgate

    Can you try:

    sysctl -w net.inet.ipsec.dfbit=1

    on both boxes, and report back?



  • Please let me know what you used for both P1 and P2.  I used the same algorithm for my P1 and I can barely pass more than 30 Mbit across the VPN.  My office has 1gbit up/down on a C2758 Supermicro with 8 GB RAM and AES-NI enabled on 2.2.6.

    Remote side is 1gbit in, 500mbit out.  Running 2.2.6 in Hyper-V.

