[Openswan Users] Speed Results

[Paul Wouters]

On Wed, 14 Feb 2007, Scott T. Cameron wrote:

> I was wondering if anyone could point me to some speed test results for
> IPSEC?  KLIPS and NETKEY modules would be great.
>
> I'm using kernel 2.6.18 w/ NETKEY and esp=AES-128-SHA1 and can only get
> about 220 Mb/s on a 2x Xeon 3 Ghz and 2 gigs of RAM.

In the past KLIPS used to be faster, because we used handcrafted assembly
code, optimised for i386. But that code was never optimized for i686, and I
believe by now isn't used when compiling KLIPS.

If you want to do a quick KLIPS module compile and test the speed on the
same hardware ,that would give us some interesting figures.

> I am wondering if this is below normal, normal or above normal?

It looks pretty good. For more performance, you'll have to check out the
openswan 2.5 or openswan 3.x series with OCF (Open Cryptographic Framework)
support. And perhaps buy one of the supported hardware cards, such as a
Hifn card.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155