[Openswan Users] IPSec performance
Paul Wouters
paul at xelerance.com
Tue Oct 4 19:19:54 CEST 2005
On Tue, 4 Oct 2005, kumar nani wrote:
> Is there any limitation on the IPSec performance in
> tunnel mode.Currently I am using two linux PC's with
> openswan-2.3.0 installed on them.I made a tunnel setup
> using the above two PC's as gateways and two more PC's
> as the leftsubnet & rightsubnet for those two PC's
> running as gateways.After the tunnel got established ,
> I measured the performance using iperf bandwidth
> measurement tool, and I got 75Mbps udp bandwidth.But
> the thing is I have seen that the high end routers are
> giving only 45Mbps(max) as VPN throughput.I am
> doubting whether performance depends on clock speed of
> the cpu and also number of tunnels configured.Is it
> correct.Can anybody tell me what exactly the
> performance factor will depend upon.
The amount of tunnels doesnt matter as much, as that only
adds some IKE overhead that happens once every hour (or keylife)
The cipher/algo combination used is probably the most serious
impact on performance. Ofcourse it depends on the CPU speed as well.
If you are using 3DES, you can probably see an increase when switching
to AES.
I would be interested in getting a few more details on the hardware
used and the performance numbers obtained.
Paul
More information about the Users
mailing list