[ previous ] [ next ] [ threads ]
 From:  Jukka Salmi <jukka dash m0n0wall at 2004 dot salmi dot ch>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  strange throughput results with m0n0wall on net4501
 Date:  Tue, 15 Jun 2004 18:20:52 +0200

I did some throughput measurement on Soekris net4501 boxes running
m0n0wall 1.0 and got strange but reproduceable results which I can't
explain. If someone can I'll be all ears...

Available hardware included two net4501, three regular PCs (running
NetBSD and Linux) and some Soekris crypto accelerators (several vpn1211,
a vpn1401 and a vpn1411).

I used ttcp, nttcp and iperf to measure the data throughput. The results
shown here are the arithmetic average of at least three runs each.

Media type was 100baseTX full-duplex.

At first I measured the throughput when directly connecting the non-

host1 -> host3:		86.3 Mbits/sec
host3 -> host1:		93.3 Mbits/sec

host1 -> host2:		83.9 Mbits/sec
host2 -> host1:		91.3 Mbits/sec

host2 -> host3:		86.2 Mbits/sec
host3 -> host2:		93.5 Mbits/sec

I can't explain why data throughput differs depending on the direction
of the dataflow. All systems were idle (apart from running iperf etc.).

I set up a test environment as follows:

	host1 <--> net4501 <--> host2 <--> net4501 <--> host3

With IPsec disabled, I got the following results:

host1 -> host2:		9.18 Mbits/sec
host2 -> host1:		9.21 Mbits/sec

host3 -> host2:		18.3 Mbits/sec
host2 -> host3:		10.2 Mbits/sec

host1 -> host3:		9.47 Mbits/sec
host3 -> host1:		17.1 Mbits/sec

Hmm, strange differences again...

I established a IPsec tunnel (ESP/3DES/MD5/noPFS) between the two
net4501 systems. The results were as follows:

# without accelerator cards
host1 -> host3:		1.26 Mbits/sec
host3 -> host1:		1.83 Mbits/sec

# vpn1211 each
host1 -> host3:		1.73 Mbits/sec
host3 -> host1:		3.52 Mbits/sec

# vpn1401 <--> vpn1211 (kernel failed to initialise vpn1411...)
host1 -> host3:		1.74 Mbits/sec
host3 -> host1:		3.39 Mbits/sec

That's much less than I had expected. What could be the problem?
Any hints?

Help is appreciated!

TIA, Jukka

bashian roulette:
$ ((RANDOM%6)) || rm -rf ~