I am trying to compare the performance of several network security protocols between two hosts connected in Gigabit Ethernet.
My goal here is to see if I can saturate my bandwidth, and if not, what is the limiting factor.
- with SSL, I can reach 981 MBit/s, so the Ethernet link is obviously the limiting factor ;
- with SSH, I can reach only 750 MBit/s, but one of my cores is at 100% usage. As SSH is single-threaded, the CPU is the limiting factor ;
- with IPsec, I read around 500 MBit/s but none of my cores are at 100% (they are under 50%).
So my question is : why can't IPsec reach a higher bandwidth ?
The two hosts are running Debian Wheezy and Strongswan for IPsec.
Aucun commentaire:
Enregistrer un commentaire