[ previous ] [ next ] [ threads ]
 
 From:  "Thomas Hertz" <term at cynisk dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] More throughput testing - m0n0wall to m0n0wall (wired) IPSec
 Date:  Mon, 7 Jun 2004 23:40:36 +0200
Hello James, Mitch et al. :)

I haven't done anything to make my vpn1411 work, but to pop it right in. I
do believe it's working, at least my benchmarking shows so. These are the
benchmarks running ttcp on the m0n0wall box (a net4801).

Using DES/MD5:

$ /tmp/ttcp -t -s -u 192.168.0.200
ttcp-t: buflen=8192, nbuf=2048, align=16384/0, port=5001  udp  ->
192.168.0.200
ttcp-t: socket
ttcp-t: 16777216 bytes in 4.10 real seconds = 3999.29 KB/sec +++
ttcp-t: 2054 I/O calls, msec/call = 2.04, calls/sec = 501.38
ttcp-t: 0.0user 2.3sys 0:04real 59% 18i+250d 236maxrss 0+2pf 0+2059csw

Using 3DES/MD5:

$ /tmp/ttcp -t -s -u 192.168.0.200
ttcp-t: buflen=8192, nbuf=2048, align=16384/0, port=5001  udp  ->
192.168.0.200
ttcp-t: socket
ttcp-t: 16777216 bytes in 4.11 real seconds = 3982.17 KB/sec +++
ttcp-t: 2054 I/O calls, msec/call = 2.05, calls/sec = 499.23
ttcp-t: 0.0user 2.2sys 0:04real 55% 20i+266d 236maxrss 0+2pf 0+2054csw

Using Blowfish/MD5:

$ /tmp/ttcp -t -s -u 192.168.0.200
ttcp-t: buflen=8192, nbuf=2048, align=16384/0, port=5001  udp  ->
192.168.0.200
ttcp-t: socket
ttcp-t: 16777216 bytes in 9.26 real seconds = 1768.90 KB/sec +++
ttcp-t: 2054 I/O calls, msec/call = 4.62, calls/sec = 221.76
ttcp-t: 0.0user 8.7sys 0:09real 94% 16i+215d 236maxrss 0+2pf 0+148csw

The only of these not supported by the vpn1411 is Blowfish, which usually is
a lot faster than 3DES when using software encryption. I believe this shows
that my card is indeed working as it should. Also, I don't believe the
net4801 has enough juice in it to manage >30Mbps 3DES without HW crypto
either. Here is what dmesg tells me in case someone is interested:

hifn0 mem 0xa0008000-0xa000ffff,0xa0004000-0xa0005fff,0xa0003000-0xa0003fff
irq 11 at device 14.0 on pci0
hifn0: Hifn 7955, rev 0, 32KB dram, 64 sessions

Cheers,

Thomas Hertz


> -----Original Message-----
> From: James Baber [mailto:origin at gmail dot com]
> Sent: den 7 juni 2004 15:44
> To: Thomas Hertz
> Subject: Re: [m0n0wall] More throughput testing - m0n0wall to m0n0wall
> (wired) IPSec
> 
> Hello Thomas,
> 
> Can you tell me how you are getting the 1411 to work?  I can't get any
> of mine to work in the 4801.
> 
> Thanks,
> James
> 
>