On Monday, 24 February 2003, at 18:39:08 +0100, Ivo Marino wrote:

> Now we've connected to these networks some voice over IP phones which we
> would like to use through the VPN, the connection works and is securely
> encrypted but network performance is quite low.

What is "low" in this context? Give numbers, and then we can compare with some other setups.

> The two endpoints are built up from Intel PII 266MHz CPUs and have almost
> 128 MBs of RAM so I actually don't think the VPN performance could be
> directly related with the hardware performance, encryption and decryption
> of the VPN data plus routing should not be a problem with this kind of
> hardware, am I right?

Just tried a point to point tunnel with FreeS/WAN on my switch-based network. On the red corner, mighty AMD XP 1700+ and Linux kernel 2.4.20 with FreeS/WAN (extensions included) patches version 1.99-2, and kernel compiled for AMD Athlon, and a 10/100 PCI card. On the blue corner, a shameful Pentium classic 75 MHz, Linux kernel and FreeS/WAN patches as before, an ISA 10 Mbps card, and kernel compiled for i386.

Using 3DES encryption with a 168 bit-long key, I get about 300 KB/s in either way (to or from the Pentium box, not simultaneously). Changing ESP encryption algorithm to AES128 does not seem to change a thing (and it should, this needs further investigation on my part).

As IPsec seems to be quite heavy as a protocol, and 3DES is the worst performing algorithm known to humans ;-), I would expect your box should perform at least five times mine, that would give more than 1.5 MB/s, or enough to saturate a 10 Mbps Ethernet.

Check the following URL for some performance data on recent FreeS/WAN:
http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/performance.html#performance

Hope it helps.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436
Debian Linux Sid (Linux 2.4.20-xfsip)