ssh None cipher
Allan Jude
allanjude at freebsd.org
Sun Oct 19 18:01:23 UTC 2014
On 2014-10-19 03:46, John-Mark Gurney wrote:
> Freddie Cash wrote this message on Sat, Oct 18, 2014 at 10:21 -0700:
>> On Oct 18, 2014 3:54 AM, "Mark Martinec" <Mark.Martinec+freebsd at ijs.si>
>> wrote:
>>>
>>> If the purpose of having a none cipher is to have a fast
>>> file transfer, then one should be using sysutils/bbcp
>>> for that purposes. Uses ssd for authentication, and
>>> opens unencrypted channel(s) for the actual data transfer.
>>> It's also very fast, can use multiple TCP streams.
>>
>> That's an interesting alternative to rsync, scp, and ftp, but doesn't help
>> with zfs send/recv which is where the none cipher really shines.
>>
>> Without the none cipher, SSH becomes the bottleneck limiting transfers to
>> around 400 Mbps on a gigabit LAN. With the none cipher, the network becomes
>> the bottleneck limiting transfers to around 920 Mbps on the same gigabit
>> LAN.
>>
>> This is between two 8-core AMD Opteron 6200 systems using igb(4) NICs.
>
> Are you running on HEAD or possibly 10.x (I believe we have OpenSSL
> 1.0.x on 10.x)? w/ modern processors w/ AES-NI and a modern version of
> OpenSSL, you should be able to get much faster speeds than that... I'm
> able to get ~200MB/s over lo0 on my HEAD box on a:
> CPU: AMD A10-5700 APU with Radeon(tm) HD Graphics (3393.89-MHz K8-class CPU)
>
> $ netstat -w 1 -I lo0
> input lo0 output
> packets errs idrops bytes packets errs bytes colls
> 39162 0 0 207823548 39162 0 207823548 0
> 26327 0 0 158674156 26327 0 158674156 0
> 38254 0 0 221313096 38254 0 221313096 0
> 41362 0 0 219740344 41362 0 219740344 0
> 40271 0 0 213565272 40271 0 213565272 0
> 37698 0 0 225447008 37698 0 225447008 0
>
> while running:
> $ ssh 0 dd if=/dev/zero >/dev/null
>
> This is w/ no special patches to OpenSSL or ssh...
>
> It could go twice as fast if ssh could use multiple threads to do the
> encryption (the processor has 4 cores, 2 would be used for sending, 2
> for receiving)...
>
There is a patch for threaded AES-CTR in the openssh-portable port.
Might be worth benchmarking that.
--
Allan Jude
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20141019/06870b09/attachment.sig>
More information about the freebsd-current
mailing list