Re: Re: Hardware acceleration using VIA Padlock (was Re: [Openvpn-users] a couple of questions)

"Eric E. Bowles" <eric@xxxxxxxxxx> said:

> Hi James,
> 
> > Now on OpenVPN 1.6 or 2.0-beta6 (but not beta5) try a crypto loopback test:
> > 
> >  openvpn --genkey --secret tmp-key
> >  time openvpn --test-crypto --secret tmp-key --verb 0 --tun-mtu 10000 
> > --cipher
> > aes-128-cbc
> > 
> > This test will generate 10000 random packets starting at a size of 1 byte 
> > and
> > going up to 10000 bytes, and loop them back through the the encryption and
> > decryption algorithms.
> 
> I got access to a 1GHz VIA C3 box and tried the command using OpenVPN 1.6
> and patched OpenSSL library; here are the results:
> 
>       Stock           Patched
>       OpenVPN         OpenVPN
> 
> real    1m13.084s     0m47.655s
> user    1m12.570s     0m47.560s
> sys     0m0.020s      0m0.010s
> 
> I see a 34% improvement with hardware acceleration enabled.

Interesting.  Note that this percentage might be off what you will see in real
usage, because --test-crypto is doing other stuff like generating a lot of
strong pseudo-random numbers to fill up the test packets.

OpenVPN is also doing per-packet authentication using the HMAC/SHA1 algorithm,
I wonder if this is hardware accelerated as well?

Can you try a real network test, such as constructing a tunnel between two
locally connected machines, transfering a large file over the tunnel using FTP
(in both directions), and measuring the CPU usage of OpenVPN?

James



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com